[Oisf-users] stats.log file

Will Metcalf william.metcalf at gmail.com
Tue Feb 15 21:44:33 UTC 2011


When I get the chance, I will have a look. AFAIK the PF_RING stats
come directly from PF_RING, whereas the Suricata stats are something
that we calculate locally.

Regards,

Will

On Mon, Feb 14, 2011 at 2:42 AM, David Rodrigues
<david.network.security at gmail.com> wrote:
> Hi all,
>
> Regarding point 2, I would like to say that Suricata output is a bit confusing.
>
> I'm testing Suricata with pf-ring, so my output looks like:
>
> [22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:313) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 3126352683,
> bytes 6709029928781
> [22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:317) <Info>
> (ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring
> Total:7701324177 Recv:7421319979 Drop:280004198 (3.6%)
>
> I have been running empirical tests on the network. The 3.6% drop rate
> is definitively wrong.
>
> However if I divide 3126352683 (packets analyzed by Suricata) by
> 7701324177 (total number of packets) the result is 0.41 (41%). This
> drop rate seems to be the correct one. Can someone confirm (or not)
> this?
>
> Cheers,
>
> David
>
> On Wed, Feb 9, 2011 at 11:23 PM, Victor Julien <victor at inliniac.net> wrote:
>> On 02/09/2011 04:45 AM, ali wrote:
>>> Hi all,
>>>
>>> can anybody help me to solve my questions:-
>>>
>>> 1. After compiling Suricata, why do I get two tables in the stats.log file?
>>
>> By default Suricata will write one "table" each 8 seconds.
>>
>>> 2. Where can I see the packet drop/packet analysed/packet received
>>> information?
>>
>> At shutdown Suricata will print this information to the screen.
>>
>> Cheers,
>> Victor
>>
>>>
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>
>>
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>>
>
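
The counters discussed in this thread can be cross-checked mechanically. The following is an added example, not part of the original messages and not Suricata or PF_RING code: it parses the two `ReceivePfringThreadExitStats` lines quoted above (mail wrapping undone) and reports the ratios between the PF_RING counters and Suricata's own packet count. The regular expressions and the `reconcile` name are assumptions based only on the format of those two lines.

```python
import re

# The two exit-stat lines quoted in the thread, with the mail wrapping undone.
SAMPLE = (
    "[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:313) <Info> "
    "(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 3126352683, "
    "bytes 6709029928781\n"
    "[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:317) <Info> "
    "(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring "
    "Total:7701324177 Recv:7421319979 Drop:280004198 (3.6%)\n"
)

# Patterns assumed from the quoted lines only (hypothetical, not from the source tree).
SURI_RE = re.compile(r"\(ReceivePfring\) Packets (\d+), bytes (\d+)")
PFRING_RE = re.compile(r"Pfring Total:(\d+) Recv:(\d+) Drop:(\d+) \(([\d.]+)%\)")


def reconcile(log_text):
    """Parse both exit-stat lines and return the counters plus their ratios."""
    suri = SURI_RE.search(log_text)
    pfr = PFRING_RE.search(log_text)
    if not suri or not pfr:
        raise ValueError("expected both ReceivePfring exit-stat lines")
    packets = int(suri.group(1))
    total, recv, drop = (int(x) for x in pfr.groups()[:3])
    if total == 0 or recv == 0:
        raise ValueError("PF_RING counters are zero; ratios undefined")
    return {
        "suricata_packets": packets,
        "pfring_total": total,
        "pfring_recv": recv,
        "pfring_drop": drop,
        # Sanity check: PF_RING's own counters should add up.
        "pfring_consistent": total == recv + drop,
        # Drop percentage recomputed from PF_RING's counters.
        "pfring_drop_pct": round(100.0 * drop / total, 1),
        # Percentage as printed in the log line, for comparison.
        "printed_drop_pct": float(pfr.group(4)),
        # Suricata's locally calculated packet count against each PF_RING counter.
        "suricata_vs_total_pct": round(100.0 * packets / total, 1),
        "suricata_vs_recv_pct": round(100.0 * packets / recv, 1),
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE).items():
        print(f"{key}: {value}")
```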


