Pre-Tuning Activities

After you have Snort installed and running, it is advisable to check whether Snort is dropping packets. There is no way to determine automatically whether Snort is losing packets, and there is no feature to alert you when this precarious situation occurs. No IDS currently supports this functionality, but it is likely to be implemented by many different vendors in the near future. You can force the Snort process to display status information on Linux systems with the following command:

killall -USR1 snort

This sends status information to the standard output or syslog for any process named snort. You could optionally specify the exact Snort daemon by specifying the process ID (PID), found ...
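Because Snort does not raise this alert itself, a small wrapper can read the status dump and flag packet loss. The script below is an added example, not code from the book or from Snort; it assumes the drop line uses the Snort 2.9-style layout "Dropped: N ( P%)", and the function names, sample dump, threshold and log path are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag packet loss from the statistics Snort prints on SIGUSR1.
# Assumption: the drop line looks like "Dropped:   567 (  0.046%)" (Snort 2.9
# layout); adjust the awk pattern if your version prints it differently.

# Constructed sample of a status dump (not captured from a real sensor).
sample_stats() {
cat <<'EOF'
Packet I/O Totals:
   Received:      1234567
   Analyzed:      1234000 ( 99.954%)
    Dropped:          567 (  0.046%)
EOF
}

# Print the drop percentage from the most recent "Dropped:" line on stdin.
# Exits 2 when no such line is present.
drop_percent() {
    awk '/Dropped:.*\(.*%\)/ {
             pct = $0
             sub(/.*\(/, "", pct)   # strip everything up to the "("
             sub(/%.*/, "", pct)    # strip "%)" and anything after it
             gsub(/ /, "", pct)
             found = 1
         }
         END { if (!found) exit 2; print pct }'
}

# check_drops LIMIT: return 0 if the drop percentage is at or below LIMIT,
# 1 if it is above LIMIT, 2 if the input holds no statistics.
check_drops() {
    limit=$1
    pct=$(drop_percent) || return 2
    awk -v p="$pct" -v l="$limit" 'BEGIN { exit ((p + 0 > l + 0) ? 1 : 0) }'
}

# Typical use after signalling Snort (log path is an assumption):
#   killall -USR1 snort; sleep 1
#   tail -n 200 /var/log/messages | check_drops 1.0 \
#       || echo "drops above limit, or no statistics found"
```

The syslog prefix on each line does not affect the match, and when several dumps are present the last one wins.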
