Here are some basic munin plugins for snort using perfmon (enable preprocessor perfmonitor in snort.conf).
The snort.conf entry should look something like:
preprocessor perfmonitor: time 300 file /your/path/to/snort.stats pktcnt 5000
(Read the snort docs for more info on performance issues etc.)
Drop Rate:
http://download.gamelinux.org/snort/snort_drop_rate
Pattern Matching:
http://download.gamelinux.org/snort/snort_pattern_match
Traffic speed:
http://download.gamelinux.org/snort/snort_traffic
Alerts:
http://download.gamelinux.org/snort/snort_alerts
Avg KBytes/pkt:
http://download.gamelinux.org/snort/snort_bytes_pkt
Avg Pkts/sec:
http://download.gamelinux.org/snort/snort_pkts
Edit any one of them to graph what you want from the perfmon output. It should be easy!
And now I will test them myself!
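A sketch of what one such plugin can look like, added here as an example (it is not the code behind the download links above). It assumes the Snort 2.x perfmonitor CSV layout, where field 1 is the epoch timestamp and field 2 is pkt_drop_percent; the STATS_FILE, FIELD and MAX_AGE variables and the warning/critical thresholds are illustrative choices.

```shell
#!/bin/sh
# Munin plugin sketch: graph one column of Snort's perfmonitor CSV.
# Assumption (not stated on the page): Snort 2.x snort.stats layout,
# field 1 = epoch time, field 2 = pkt_drop_percent.
STATS_FILE="${STATS_FILE:-/your/path/to/snort.stats}"
FIELD="${FIELD:-2}"
MAX_AGE="${MAX_AGE:-900}"   # seconds; 3x the "time 300" interval (assumed)

# Print the requested field of the newest data row, or "U" (munin's
# "unknown") when the file is missing, empty, malformed or stale.
snort_stat() {
    file=$1 field=$2 now=${3:-$(date +%s)}
    [ -r "$file" ] || { echo U; return 0; }
    awk -F, -v f="$field" -v now="$now" -v max="$MAX_AGE" '
        /^#/ || NF < f { next }      # skip header lines and short rows
        { ts = $1; val = $f }        # remember the last usable row
        END {
            if (val !~ /^[0-9]+(\.[0-9]+)?$/ || now - ts > max) print "U"
            else print val
        }' "$file"
}

# Graph description munin asks for with the "config" argument.
print_config() {
    cat <<EOF
graph_title Snort drop rate
graph_vlabel % packets dropped
graph_category snort
graph_args --base 1000 -l 0
droprate.label drop rate
droprate.warning 1
droprate.critical 5
EOF
}

case "${1:-}" in
    config) print_config ;;
    *)      echo "droprate.value $(snort_stat "$STATS_FILE" "$FIELD")" ;;
esac
```

Reporting U for a stale file matters on a sensor: a Snort process that has stopped writing stats would otherwise keep graphing its last healthy value.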
Update:
Here is a picture to give you an idea of how the graphs look:
http://download.gamelinux.org/snort/Snort-Munin-Plugins.png
source: http://www.gamelinux.org/?p=32
source: GAMELINUX
Source: nixCraft
What command do I need to type to display the Linux kernel version and other information such as the Linux distribution name? How do I check the Linux kernel version number?
You need to use the following two commands:
[a] uname - Print kernel and system information.
[b] lsb_release - Print distribution-specific information.
[c] /proc/version file - Print running kernel information.
How to check the Linux kernel version number?
Open a shell prompt (or a terminal) and type the following command to see your current Linux kernel version:
$ uname -r
Sample outputs:
2.6.32-23-generic-pae
Or type the following command:
$ uname -mrs
Sample outputs:
Linux 2.6.32-23-generic-pae i686
To print all information, enter:
$ uname -a
Sample outputs:
Linux vivek-laptop 2.6.32-23-generic-pae #37-Ubuntu SMP Fri Jun 11 09:26:55 UTC 2010 i686 GNU/Linux
Where,
- 2.6.32-23 – Linux kernel version number
- pae – the pae kernel type indicates that I’m accessing more than 4GB RAM using a 32-bit kernel.
- SMP – Kernel that supports multi-core and multiple CPUs.
The mod_geoip2 module embeds GeoIP database lookups into the Apache web server. It is only capable of looking up the IP of a client that connects to the web server, as opposed to looking up arbitrary addresses.
This module works with Apache 2. Please use mod_geoip with Apache 1.
Installation
You may download the latest release of mod_geoip2 or get the latest development version from GitHub. See the included INSTALL file in the tarball for installation details.
Overview
The mod_geoip2 module uses the libGeoIP library to look up geolocation information for a client as part of the HTTP request process. This module is free software, and is licensed under the Apache license.
To compile and install this module, you must first install libGeoIP 1.4.3 or newer.
The mod_geoip2 module takes effect either during the request header parsing phase or the post read request phase, depending on whether it is configured for server-wide use or for a specific location/directory.
When enabled, the module looks at the incoming IP address and sets some variables which provide geolocation information for that IP. The variables it sets depend on the specific GeoIP database being used (Country, City, ISP, etc.). These variables can be set in either the request notes table, the environment, or both, depending on the server configuration.