<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 2/12/2012 1:04 AM, Josh White wrote:
<blockquote
cite="mid:CACPf9aLLLer4qTCppLnBw5VxG5jkiufNTU4ff1-ray0NRkQ_VQ@mail.gmail.com"
type="cite">That would work, I was originally thinking even an
option to append the interface name and have have multiple stats
files like stats.log.em1 or the reverse em1.stats.log. However if
it was more of a csv format then it would be easier to graph in
some cases. <br>
<br>
<div class="gmail_quote">On Fri, Feb 10, 2012 at 9:20 AM, Victor
Julien <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:victor@inliniac.net">victor@inliniac.net</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<div class="im">On 02/10/2012 02:44 AM, Peter Manev wrote:<br>
> Hi,<br>
><br>
> I don't think this is possible(in suri), you could of
course use some<br>
> bash/perl/your choice of scripting to achieve that.<br>
<br>
</div>
It's indeed not possible right now. I'm a bit torn on it, as I
see use<br>
for both cases. Ideally we're have it both simultaneously.
Maybe we<br>
should an easily parseble (csv or something) output option.<br>
<br>
</blockquote>
</div>
</blockquote>
Actually I am very fond of the csv availability (in yaml maybe? )
for the different log files output. I agree with Josh - there are
plenty of tools that make graphing possible (using csv files) and it
would also come in handy for GeoIP visualization.<br>
<br>
<br>
<blockquote
cite="mid:CACPf9aLLLer4qTCppLnBw5VxG5jkiufNTU4ff1-ray0NRkQ_VQ@mail.gmail.com"
type="cite">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Cheers,<br>
Victor<br>
<div class="im"><br>
><br>
> Thanks<br>
><br>
> On Thu, Feb 9, 2012 at 2:33 AM, Josh White <<a
moz-do-not-send="true" href="mailto:josh@securemind.org">josh@securemind.org</a><br>
</div>
<div class="im">> <mailto:<a moz-do-not-send="true"
href="mailto:josh@securemind.org">josh@securemind.org</a>>>
wrote:<br>
><br>
> When I run Suri to monitor multiple interfaces like
"suricata -c<br>
> /etc/suricata/suricata.yaml -i em1 -i em2 -i em3"
the stats.log file<br>
> has multiple entries for each stat. "one entry for
each interface<br>
> being monitored"<br>
><br>
> Is there an easy way to consolidate the stats so
all the interface<br>
> stats are consolidated?<br>
><br>
> Josh<br>
><br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a moz-do-not-send="true"
href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
</div>
> <mailto:<a moz-do-not-send="true"
href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a>><br>
<div class="im">> <a moz-do-not-send="true"
href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Peter Manev<br>
><br>
><br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a moz-do-not-send="true"
href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
> <a moz-do-not-send="true"
href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
<br>
--<br>
</div>
---------------------------------------------<br>
Victor Julien<br>
<a moz-do-not-send="true" href="http://www.inliniac.net/"
target="_blank">http://www.inliniac.net/</a><br>
PGP: <a moz-do-not-send="true"
href="http://www.inliniac.net/victorjulien.asc"
target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<div class="HOEnZb">
<div class="h5"><br>
_______________________________________________<br>
Oisf-users mailing list<br>
<a moz-do-not-send="true"
href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a><br>
<a moz-do-not-send="true"
href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users"
target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Oisf-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Oisf-users@openinfosecfoundation.org">Oisf-users@openinfosecfoundation.org</a>
<a class="moz-txt-link-freetext" href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Regards,
Peter Manev</pre>
</body>
</html>