Chapter 7. Miscellaneous Other Uses

Introduction

The wondrous thing about Snort is that, because of its flexible modular structure, it is easy to make it do things that it wasn’t designed to do. With some original thinking, it is possible to get Snort to do anything from checking up on the health of your network to using it to listen out for a secret knock.

In the very last recipe, there is some advice about how not to get yourself in trouble using the power of Snort.

7.1. Monitoring Network Performance

Problem

Can I use Snort to determine my network performance?

Solution

Snort includes several tools to help determine how your network is performing. Chapter 4 discussed one of these tools: the performance monitor preprocessor, perfmonitor. The perfmonitor preprocessor logs its data in a comma-separated format file in the Snort log directory. The perfmon-graph tool can display this data on a web page, or you can generate a text-based chart using the perfstats.c script in the Snort contrib directory. For the brave who want to create a rolling graph of protocol use, you can use the flow log preprocessor's STDOUT logging mechanism to pull that information out of Snort into a dynamic interface (ESM/SIM anyone?). Finally, you can run Snort in binary mode, then replay the packets to a file so you can pull all the data you want—such as top talkers, protocol use, etc.—through the use of custom scripts. The only reason to seek the last option is if the others can’t help solve your problem.
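As an added example (not from the Snort Cookbook and not a Snort tool), here is what one of those "custom scripts" for the last option looks like in Python: a small reader for the libpcap (tcpdump) file format that Snort's binary logging writes, which reports the top talkers by source IP and a breakdown of IP protocols. The sample capture, the IP addresses and the packet counts are constructed inline so the script runs offline; the `summarize_file` helper is the one you would point at a real binary log.

```python
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def build_frame(src_ip, dst_ip, proto, payload_len):
    """Constructed test data: a minimal Ethernet/IPv4 frame with a zeroed payload
    and a zero IP checksum (good enough for parsing, not for sending)."""
    eth = b"\x00" * 6 + b"\x00" * 6 + b"\x08\x00"              # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + b"\x00" * payload_len


def build_pcap(frames):
    """Constructed test data: wrap raw frames in a libpcap global header and record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap_bytes):
    """Yield (timestamp, original length, captured bytes) for each record in a pcap."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # native / nanosecond variant, little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same, written big-endian
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    off = 24                                   # global header is 24 bytes
    while off + 16 <= len(pcap_bytes):
        ts_sec, _ts_frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)
        off += 16
        yield ts_sec, orig_len, pcap_bytes[off:off + incl_len]
        off += incl_len


def summarize(pcap_bytes):
    """Return (bytes per source IP, packets per IP protocol, count of non-IPv4 frames).
    Byte counts use the on-the-wire length so a short snaplen does not skew them."""
    talkers, protocols, non_ip = Counter(), Counter(), 0
    for _ts, orig_len, frame in iter_packets(pcap_bytes):
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            non_ip += 1                        # ARP, IPv6, truncated, etc.
            continue
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20:
            non_ip += 1                        # malformed header length, do not trust the fields
            continue
        proto = frame[14 + 9]
        src = socket.inet_ntoa(frame[14 + 12:14 + 16])
        talkers[src] += orig_len
        protocols[PROTO_NAMES.get(proto, str(proto))] += 1
    return talkers, protocols, non_ip


def top_talkers(pcap_bytes, n=10):
    """The n source IPs that sent the most bytes, as (ip, bytes) pairs."""
    return summarize(pcap_bytes)[0].most_common(n)


def summarize_file(path):
    """Run the summary over a binary log on disk, e.g. one written by `snort -b`."""
    with open(path, "rb") as fh:
        return summarize(fh.read())


# Constructed sample capture: three TCP, two UDP, one ICMP frame and one ARP frame.
SAMPLE_PCAP = build_pcap(
    [build_frame("10.0.0.5", "10.0.0.1", 6, 100)] * 3
    + [build_frame("10.0.0.7", "10.0.0.1", 17, 50)] * 2
    + [build_frame("10.0.0.9", "10.0.0.1", 1, 8)]
    + [b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28]
)

if __name__ == "__main__":
    talkers, protocols, non_ip = summarize(SAMPLE_PCAP)
    for ip, nbytes in talkers.most_common():
        print(f"{ip:15} {nbytes:>8} bytes")
    print(dict(protocols), f"non-IPv4 frames: {non_ip}")
```

The parser deliberately reads the raw libpcap layout rather than depending on a pcap library, so it runs anywhere Python does; for large logs you would read records incrementally instead of slurping the whole file, but the per-packet logic stays the same.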

Discussion ...
