[Oisf-users] [oisf-users] Consolidating Stats File Results from Multiple Interface Monitoring

Matthew Jonkman jonkman at emergingthreatspro.com
Sun Feb 12 20:25:48 UTC 2012


How about we just define a log format like you can for an apache customlog? Then we only have to solve the problem once....

Matt


On Feb 12, 2012, at 11:54 AM, Peter Manev wrote:

> On 2/12/2012 1:04 AM, Josh White wrote:
>> That would work, I was originally thinking even an option to append the interface name and have multiple stats files like stats.log.em1 or the reverse em1.stats.log. However if it was more of a csv format then it would be easier to graph in some cases.
>> 
>> On Fri, Feb 10, 2012 at 9:20 AM, Victor Julien <victor at inliniac.net> wrote:
>> On 02/10/2012 02:44 AM, Peter Manev wrote:
>> > Hi,
>> >
>> > I don't think this is possible (in suri), you could of course use some
>> > bash/perl/your choice of scripting to achieve that.
>> 
>> It's indeed not possible right now. I'm a bit torn on it, as I see use
>> for both cases. Ideally we'd have it both simultaneously. Maybe we
>> should add an easily parseable (csv or something) output option.
>> 
> Actually I am very fond of the csv availability (in yaml maybe?) for the different log files output. I agree with Josh - there are plenty of tools that make graphing possible (using csv files) and it would also come in handy for GeoIP visualization.
> 
> 
>> Cheers,
>> Victor
>> 
>> >
>> > Thanks
>> >
>> > On Thu, Feb 9, 2012 at 2:33 AM, Josh White <josh at securemind.org
>> > <mailto:josh at securemind.org>> wrote:
>> >
>> >     When I run Suri to monitor multiple interfaces like "suricata -c
>> >     /etc/suricata/suricata.yaml -i em1 -i em2 -i em3" the stats.log file
>> >     has multiple entries for each stat. "one entry for each interface
>> >     being monitored"
>> >
>> >     Is there an easy way to consolidate the stats so all the interface
>> >     stats are consolidated?
>> >
>> >     Josh
>> >
>> >     _______________________________________________
>> >     Oisf-users mailing list
>> >     Oisf-users at openinfosecfoundation.org
>> >     <mailto:Oisf-users at openinfosecfoundation.org>
>> >     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> >
>> >
>> >
>> >
>> > --
>> > Peter Manev
>> >
>> >
>> 
>> 
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>> 
> 
> 
> -- 
> Regards,
> Peter Manev
> 


----------------------------------------------------
Matt Jonkman
Emerging Threats Pro
Open Information Security Foundation (OISF)
Phone 866-504-2523 x110
http://www.emergingthreatspro.com
http://www.openinfosecfoundation.org
----------------------------------------------------
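
Added example, not part of the original thread: one way to do the scripting Peter suggests, summing each counter across the per-interface threads and writing the csv the replies ask for. The `Counter | TM Name | Value` layout, the thread names and the sample values are assumptions, constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. The "Counter | TM Name | Value" layout and the
# thread names are assumptions about stats.log, not taken from the thread.
SAMPLE = """\
------------------------------------------------------------
Date: 2/12/2012 -- 20:25:48 (uptime: 0d, 00h 10m 02s)
------------------------------------------------------------
Counter                   | TM Name          | Value
------------------------------------------------------------
decoder.pkts              | RxPcapem11       | 1200
decoder.bytes             | RxPcapem11       | 90000
decoder.pkts              | RxPcapem21       | 300
decoder.bytes             | RxPcapem21       | 45000
------------------------------------------------------------
Date: 2/12/2012 -- 20:25:56 (uptime: 0d, 00h 10m 10s)
------------------------------------------------------------
Counter                   | TM Name          | Value
------------------------------------------------------------
decoder.pkts              | RxPcapem11       | 1500
decoder.pkts              | RxPcapem21       | 400
"""

def consolidate(text):
    """Return [(date, {counter: total across all threads})], one per dump."""
    dumps = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if line.startswith("Date:"):
            dumps.append((line[5:].split("(")[0].strip(), defaultdict(int)))
        elif dumps and len(parts) == 3 and parts[2].isdigit():
            # Data row: add this thread's value to the counter's total.
            dumps[-1][1][parts[0]] += int(parts[2])
    return dumps

def to_csv(dumps):
    """One row per dump, one column per counter, for graphing tools."""
    names = sorted({name for _, totals in dumps for name in totals})
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["date"] + names)
    for stamp, totals in dumps:
        writer.writerow([stamp] + [totals.get(n, 0) for n in names])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(consolidate(SAMPLE)), end="")
```

Summing suits cumulative counters such as packet and byte totals; a counter that reports an average or a current level would need a different merge rule.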



