Snort - preprocessor perfmonitor
Does anyone have any way to analyze the perfmonitor on a win32 system other than just opening the flat file and looking at the raw data?
I saw two possible Linux solutions so far. (As of yet, I can't modify them to run in a win32 environment.)
The two Linux solutions I found are perf-graph (pmgraph) and gpss.
I've gotten perf-graph close to working... but I keep getting the following error:
I have the correct version of perl and rrd
I'm sure the syntax is correct and I'm sure that the script can read the data. (If there isn't enough data, it tells you that you have to wait until there is enough data.) I have the preprocessor set up properly as recommended in the pmgraph README.
C:\path_to\pmgraph>perl pmgraph.pl c:\output\pmgraph\graphs\ c:\pathto\Snort\statsdir\statsfile.txt 1
Processing data from "c:\pathto\Snort\statsdir\statsfile.txt".
Got stats from 1 CPU
Inserting values into temporary RRD database
Error: RRD error: Cannot parse DS in 'DEF:drops=C:\DOCUME~1\user\LOCALS~1\Temp\
Using filemon, I can see that it does read the file and write the database into the temporary location above. Though, the temp. filename changes each run. (which I'd expect)
Also, on the site... it says
I'm using Snort 2.4.3
The current version works with the perfmonitor preprocessor included in Snort 2.4.0, 2.4.1 and 2.4.21, but not older versions. It may or may not work with future versions of Snort.
I wanted to script this to update the graph file (which I can do if it'd work) and link it to BASE.