<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1479301139827_2989"><span id="yui_3_16_0_ym19_1_1479301139827_2991">When I say examine the settings in the YAML file, I am considering taking these values, and based on what I know about how the sensor is running, I could find places for improvement.  For example, I am seeing high CPU utilization and notice I am only using 4 out of 16 possible threads.  That should lower the score.  That, however, is a long way away.</span></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1479301139827_2988"><br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1479301139827_2961" style="display: block;">  <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1479301139827_2960"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1479301139827_2959"> <div dir="ltr" id="yui_3_16_0_ym19_1_1479301139827_2987"> <font size="2" face="Arial" id="yui_3_16_0_ym19_1_1479301139827_2990"> <hr size="1" id="yui_3_16_0_ym19_1_1479301139827_3040"> <b><span style="font-weight:bold;">From:</span></b> Andreas Herz &lt;andi@geekosphere.org&gt;<br> <b><span style="font-weight: bold;">To:</span></b> oisf-users@lists.openinfosecfoundation.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Tuesday, November 15, 2016 5:33 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [Oisf-users] Description of Suricata Statistics<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1479301139827_2958"><br>On 15/11/16 at 17:21, Charles DeVoe wrote:<br clear="none">> Next, in the Suricata stats file there are many counters/values.  
Some<br clear="none">> of them are intuitively obvious as to what they are (almost).  Is<br clear="none">> there someplace where there is a description of what all of these<br clear="none">> values are measuring and how they are measured? <br clear="none"><br clear="none">In the code :) But yes we might want to add a description to the docs as<br clear="none">well.<div class="yqt7755656458" id="yqtfd51463"><br clear="none"><br clear="none">> I have an environment with 150 sensors all measuring 150 unique<br clear="none">> networks all with different hardware.  My objective is to create an<br clear="none">> application or script that will examine these values to give me a<br clear="none">> score on how well the sensor is performing.  I intend to include CPU,<br clear="none">> Memory, and Network utilization as well as examine the settings in the<br clear="none">> YAML file.</div><br clear="none"><br clear="none">I'm not sure what you mean with "examine the settings in the YAML file",<br clear="none">could you explain what you're thinking about?<br clear="none"><br clear="none">-- <br clear="none">Andreas Herz<br clear="none">_______________________________________________<br clear="none">Suricata IDS Users mailing list: <a shape="rect" ymailto="mailto:oisf-users@openinfosecfoundation.org" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br clear="none">Site: <a shape="rect" href="http://suricata-ids.org/" target="_blank">http://suricata-ids.org </a>| Support: <a shape="rect" href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br clear="none">List: <a shape="rect" href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br clear="none">Suricata User Conference November 9-11 in Washington, DC: <a shape="rect" href="http://suricon.net/" 
target="_blank">http://suricon.net</a><br><br></div> </div> </div>  </div></div></body></html>