OpenSourceSoftware, Snort

Basic munin plugins for Snort

I dropped by the snort forum and couldn’t keep my hands off..

Here are some basic munin plugins for snort using perfmon (Enable preprocessor perfmonitor in snort.conf)
The snort.conf entry should look something like:
preprocessor perfmonitor: time 300 file /your/path/to/snort.stats pktcnt 5000
(Read the snort docs for more info on performance issues etc.)

Drop Rate:
http://download.gamelinux.org/snort/snort_drop_rate

Pattern Matching:
http://download.gamelinux.org/snort/snort_pattern_match

Traffic speed:
http://download.gamelinux.org/snort/snort_traffic

Alerts:
http://download.gamelinux.org/snort/snort_alerts

Avg KBytes/pkt:
http://download.gamelinux.org/snort/snort_bytes_pkt

Avg Pkts/sec:
http://download.gamelinux.org/snort/snort_pkts

Edit any one of them, to graph what you want from perfmon output. It should be easy!

And now I will test them myself!

Update:
Here is a picture to give you an idea on how the graphs looks:
http://download.gamelinux.org/snort/Snort-Munin-Plugins.png

---
"Measure, don't speculate" -- Unknown
"Premature optimization is the root of all evil" -- Tony Hoare

Advertisements
Standard

3 thoughts on “Basic munin plugins for Snort

  1. Pingback: Monitoring and Dealing With Snort Alerts | Wazi

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s