[Oisf-devel] OpenBSD Suricata (again) and P2P detection

Victor Julien victor at inliniac.net
Thu Jun 7 08:39:05 UTC 2012


On 06/01/2012 12:20 PM, Henri Wahl wrote:
> Hi,
>> Can you share an entry from your stats.log?
>>
> Which entry do you need? May sound stupid but this file has a size of > 200Mb.

One record, similar to:

-------------------------------------------------------------------
Date: 6/7/2012 -- 09:13:16 (uptime: 0d, 11h 26m 43s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
flow_mgr.closed_pruned    | FlowManagerThread         | 195245
flow_mgr.new_pruned       | FlowManagerThread         | 46418
flow_mgr.est_pruned       | FlowManagerThread         | 48827
flow.memuse               | FlowManagerThread         | 6452032
flow.spare                | FlowManagerThread         | 10002
flow.emerg_mode_entered   | FlowManagerThread         | 0
flow.emerg_mode_over      | FlowManagerThread         | 0
decoder.pkts              | RxPcapem21                | 255364236
decoder.bytes             | RxPcapem21                | 235994005869
decoder.ipv4              | RxPcapem21                | 255127126
decoder.ipv6              | RxPcapem21                | 5178
decoder.ethernet          | RxPcapem21                | 255364236
decoder.raw               | RxPcapem21                | 0
decoder.sll               | RxPcapem21                | 0
decoder.tcp               | RxPcapem21                | 254445319
decoder.udp               | RxPcapem21                | 309608
decoder.sctp              | RxPcapem21                | 0
decoder.icmpv4            | RxPcapem21                | 50310
decoder.icmpv6            | RxPcapem21                | 5138
decoder.ppp               | RxPcapem21                | 0
decoder.pppoe             | RxPcapem21                | 0
decoder.gre               | RxPcapem21                | 0
decoder.vlan              | RxPcapem21                | 0
decoder.avg_pkt_size      | RxPcapem21                | 924
decoder.max_pkt_size      | RxPcapem21                | 1514
defrag.ipv4.fragments     | RxPcapem21                | 166
defrag.ipv4.reassembled   | RxPcapem21                | 39
defrag.ipv4.timeouts      | RxPcapem21                | 0
defrag.ipv6.fragments     | RxPcapem21                | 0
defrag.ipv6.reassembled   | RxPcapem21                | 0
defrag.ipv6.timeouts      | RxPcapem21                | 0
tcp.sessions              | Detect                    | 20322
tcp.ssn_memcap_drop       | Detect                    | 0
tcp.pseudo                | Detect                    | 343
tcp.invalid_checksum      | Detect                    | 678
tcp.no_flow               | Detect                    | 0
tcp.reused_ssn            | Detect                    | 0
tcp.memuse                | Detect                    | 36175872
tcp.syn                   | Detect                    | 56457
tcp.synack                | Detect                    | 36339
tcp.rst                   | Detect                    | 18285
tcp.segment_memcap_drop   | Detect                    | 1104640
tcp.stream_depth_reached  | Detect                    | 0
tcp.reassembly_memuse     | Detect                    | 68310192
tcp.reassembly_gap        | Detect                    | 297
detect.alert              | Detect                    | 10453

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
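
Added example, not part of the original message or of Suricata: a streaming parser for the stats.log layout quoted above that returns only the newest record, so a 200 MB file does not have to be opened in an editor to share one entry. The function names and the `_drop` suffix filter are assumptions made for this sketch; the sample input is constructed.

```python
import re
import sys

DATE_RE = re.compile(r"^Date:\s*(?P<date>.+?)\s*\(uptime:\s*(?P<uptime>[^)]*)\)")
ROW_RE = re.compile(r"^(?P<name>[\w.]+)\s*\|\s*(?P<tm>[^|]+?)\s*\|\s*(?P<value>\d+)$")

# Constructed sample: two abridged records. The second reuses rows from the
# record quoted in the message; the first record's values are made up.
SAMPLE = """\
-------------------------------------------------------------------
Date: 6/7/2012 -- 09:13:08 (uptime: 0d, 11h 26m 35s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | RxPcapem21                | 255360000
tcp.segment_memcap_drop   | Detect                    | 1104000
-------------------------------------------------------------------
Date: 6/7/2012 -- 09:13:16 (uptime: 0d, 11h 26m 43s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | RxPcapem21                | 255364236
tcp.ssn_memcap_drop       | Detect                    | 0
tcp.segment_memcap_drop   | Detect                    | 1104640
"""

def last_record(lines):
    """Return the final record; only one record is held in memory at a time."""
    record = None
    for line in lines:
        line = line.strip()
        m = DATE_RE.match(line)
        if m:  # a Date line starts a new record and discards the previous one
            record = {"date": m["date"], "uptime": m["uptime"], "counters": {}}
            continue
        m = ROW_RE.match(line)  # header and separator rows do not match
        if m and record is not None:
            record["counters"][(m["name"], m["tm"])] = int(m["value"])
    return record

def nonzero_drops(record):
    """Counters whose name ends in _drop (assumed filter) with a non-zero value."""
    return {k: v for k, v in record["counters"].items() if k[0].endswith("_drop") and v}

if __name__ == "__main__":
    rec = last_record(open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE.splitlines())
    if rec:
        print(rec["date"], "| uptime", rec["uptime"])
        print(nonzero_drops(rec))
```

If the file is read while Suricata is still writing it, the last record may be incomplete.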



