<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>The stats log has a ‘tcp’ section that includes information about tcp packets with various flags (such as RST) set:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='text-autospace:none'><span lang=FR style='font-family:Consolas'>$ tail -1 suricata-stats.log | jq .stats.tcp<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><b><span lang=FR style='font-family:Consolas'>{<o:p></o:p></span></b></p><p class=MsoNormal style='text-autospace:none'><b><span lang=FR style='font-family:Consolas'> </span></b><span lang=FR style='font-family:Consolas;color:#6060FF'>"sessions"</span><b><span lang=FR style='font-family:Consolas'>: </span></b><span lang=FR style='font-family:Consolas'>5635423<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span lang=FR style='font-family:Consolas'> </span></b><span lang=FR style='font-family:Consolas;color:#6060FF'>"sessions_delta"</span><b><span lang=FR style='font-family:Consolas'>: </span></b><span lang=FR style='font-family:Consolas'>21781<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span lang=FR style='font-family:Consolas'> </span></b><span lang=FR style='font-family:Consolas;color:#6060FF'>"ssn_memcap_drop"</span><b><span lang=FR style='font-family:Consolas'>: </span></b><span lang=FR style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span lang=FR style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"ssn_memcap_drop_delta"</span><b><span style='font-family:Consolas'>: </span></b><span 
style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"pseudo"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>2293001<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"pseudo_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>8226<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"pseudo_failed"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"pseudo_failed_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"invalid_checksum"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>5810<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"invalid_checksum_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>41<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"no_flow"</span><b><span style='font-family:Consolas'>: 
</span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"no_flow_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"syn"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>8340424<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"syn_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>26186<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"synack"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>4222135<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"synack_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>19581<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"rst"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>3639829<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"rst_delta"</span><b><span style='font-family:Consolas'>: 
</span></b><span style='font-family:Consolas'>13041<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"segment_memcap_drop"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"segment_memcap_drop_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>0<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"stream_depth_reached"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>2117<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"stream_depth_reached_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>20<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"reassembly_gap"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>96818<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"reassembly_gap_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>42<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span 
style='font-family:Consolas;color:#6060FF'>"memuse"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>3333264<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"memuse_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>168336<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"reassembly_memuse"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>59549059<b>,<o:p></o:p></b></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'> </span></b><span style='font-family:Consolas;color:#6060FF'>"reassembly_memuse_delta"</span><b><span style='font-family:Consolas'>: </span></b><span style='font-family:Consolas'>8085816<o:p></o:p></span></p><p class=MsoNormal style='text-autospace:none'><b><span style='font-family:Consolas'>}<o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-family:"Franklin Gothic Book",sans-serif;color:#1F497D'>________________________<o:p></o:p></span></b></p><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#1F497D'>Zach Rasmor<o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#1F497D'>Email: <a href="mailto:zachary.r.rasmor@lmco.com"><span style='color:blue'>zachary.r.rasmor@lmco.com</span></a></span><b><span style='font-size:10.0pt;font-family:"Franklin Gothic 
Book",sans-serif;color:#1F497D'><o:p></o:p></span></b></p><p class=MsoNormal><span style='font-size:9.0pt;font-family:"Franklin Gothic Book",sans-serif;color:#1F497D'>Office: 301.240.6116<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> Oisf-devel [mailto:oisf-devel-bounces@lists.openinfosecfoundation.org] <b>On Behalf Of </b>Sherine Davis (Security Engineering)<br><b>Sent:</b> Monday, June 27, 2016 9:10 AM<br><b>To:</b> oisf-devel@lists.openinfosecfoundation.org<br><b>Subject:</b> EXTERNAL: [Oisf-devel] Adding more details to stats.log<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>Hello Sir,<o:p></o:p></p><div><p class=MsoNormal>It would be great if you can point me in the right direction in getting details about the number of reset packets, or packets of different flags, in the stats.log file.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Thank you<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Regards,<o:p></o:p></p></div><div><p class=MsoNormal>Sherine Davis<o:p></o:p></p></div></div></div></body></html>