
Snort Cookbook (sample chapter)
Chapter 7: Miscellaneous Other Uses

Snort, the de facto standard of intrusion detection tools, can save countless headaches; the new Snort Cookbook will save countless hours of trial and error. Each "recipe" offers a clear description of a gnarly problem, a concise but complete solution, and practical examples. But this ultimate SNORT sourcebook offers more than just immediate cut-and-paste answers; it also showcases the best tips and tricks to leverage the full power of SNORT--and still have a life.


Monitoring Network Performance

Problem

Can I use Snort to determine my network performance?

Solution
Snort includes several tools that help you determine how your network is performing. Chapter 4 discussed one of them: the performance monitor preprocessor, perfmonitor. The perfmonitor preprocessor writes its statistics to a comma-separated (CSV) file in the Snort log directory. The perfmon-graph tool can render that data as a web page, or you can generate a text-based chart with the perfstats.c program in the Snort contrib directory. For the brave who want a rolling graph of protocol use, the flow preprocessor's statistics logging to STDOUT lets you pull that information out of Snort and into a dynamic interface (an ESM/SIM, anyone?). Finally, you can run Snort in binary (packet logging) mode to capture raw packets to a file and then replay that file through custom scripts to extract whatever you want, such as top talkers and protocol use. Reach for this last option only when the others can't solve your problem, since it stores every packet rather than summaries and costs disk and processing time accordingly.

Discussion
The perfmonitor preprocessor has been part of the Snort code since Snort 1.9.0. It was originally built to help the developers debug and test Snort, but they decided to ship it with the open source code to help the community. The preprocessor has to be enabled at compile time by adding --enable-perfmonitor to your configure statement. Chapter 4 gives examples of the full set of configuration options for the preprocessor in the snort.conf file. The statistics are logged to the Snort log directory as a CSV file, which can then be pulled over to a central machine for display, such as on a status board where your analysts can view it with perfmon-graph.
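As an added example (not code from the Snort Cookbook or from the Snort project), the following Python script does the job that the perfstats.c text-chart approach in the Solution and the CSV-to-central-machine workflow in the Discussion describe: parse a perfmonitor CSV file, summarise one statistic, draw a text chart of it, and flag intervals in which the sensor dropped packets. The sample rows and the column names (time, pkt_drop_percent, wire_mbits_per_sec.realtime, alerts_per_second, kpackets_per_sec.realtime) are constructed for illustration; the "#" header-line convention is an assumption taken from later Snort 2.x releases, and a stats file without a header needs the field names passed in explicitly.

```python
"""Summarise a Snort perfmonitor CSV log as a text chart and flag packet drops."""
import time

# Constructed sample of a perfmonitor stats file (not real sensor output).
# The "#" header line and these column names are assumed from the layout later
# Snort 2.x releases write; older releases omit the header, so the parser also
# accepts explicit field names. Times are epoch seconds, one row per 300 s.
SAMPLE_STATS = """\
#time,pkt_drop_percent,wire_mbits_per_sec.realtime,alerts_per_second,kpackets_per_sec.realtime
1100000000,0.00,12.5,0.10,1.9
1100000300,0.00,18.2,0.20,2.7
1100000600,3.40,95.7,1.50,14.1
1100000900,0.50,40.1,0.40,6.0
1100001200,0.00,15.3,0.10,2.2
"""


def parse_perfmon(text, fields=None):
    """Parse perfmonitor CSV text into a list of {field: float} rows.

    A leading '#' line, if present, supplies the column names and overrides
    `fields`. Rows whose column count does not match are skipped rather than
    silently misaligned.
    """
    rows = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(",")  # tolerate a trailing comma
        if not line:
            continue
        if line.startswith("#"):
            fields = [f.strip() for f in line[1:].split(",")]
            continue
        if fields is None:
            raise ValueError("no header line in data and no field names given")
        values = line.split(",")
        if len(values) != len(fields):
            continue
        rows.append(dict(zip(fields, (float(v) for v in values))))
    return rows


def summarize(rows, field):
    """Return (min, mean, max) for one statistic across all intervals."""
    vals = [r[field] for r in rows]
    return min(vals), sum(vals) / len(vals), max(vals)


def text_chart(rows, field, width=40):
    """Render one statistic as a horizontal bar chart, one line per interval."""
    peak = max(r[field] for r in rows) or 1.0  # idle link: avoid division by zero
    lines = []
    for r in rows:
        bar = "#" * int(round(r[field] / peak * width))
        stamp = time.strftime("%H:%M:%S", time.gmtime(r["time"]))
        lines.append(f"{stamp} {bar:<{width}} {r[field]:8.2f}")
    return lines


def intervals_with_drops(rows, threshold_percent=1.0):
    """Times of intervals where more than `threshold_percent` of packets were dropped.

    Dropped packets are traffic Snort never inspected, so each flagged interval
    is a window in which an attack could have passed unseen.
    """
    return [r["time"] for r in rows if r["pkt_drop_percent"] > threshold_percent]


if __name__ == "__main__":
    rows = parse_perfmon(SAMPLE_STATS)
    lo, mean, hi = summarize(rows, "wire_mbits_per_sec.realtime")
    print(f"wire Mbit/s: min {lo:.1f} mean {mean:.1f} max {hi:.1f}")
    print("\n".join(text_chart(rows, "wire_mbits_per_sec.realtime")))
    for t in intervals_with_drops(rows):
        print("packet drops above 1% at",
              time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(t)))
```

To use it on a sensor's own file, read the file's contents into `parse_perfmon`; the drop percentage is the statistic worth alerting on, because a sensor that is shedding packets under load is exactly the sensor whose alert feed cannot be trusted to be complete.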