<html><head></head><body><div style="font-family: Verdana;font-size: 12.0px;"><div>> /opt/suricata/bin/suricata -V<br/>
This is Suricata version 3.2beta1 RELEASE<br/>
</div>
<div>/opt/suricata/bin/suricata -c /opt/suricata/etc/suricata/suricata.yaml -k none -r $PCAP -S $FILE</div>
<div> </div>
<div>I've been testing out Suricata for a little bit now and I've noticed some inconsistent results from alerts in the fast.log file. When I read in a pcap using -r I end up with a total alert count of 68-72 alerts in the file. I have been using the same PCAP file and same rules during each test. I pulled some information from the stats.log file and noticed along with the detect.alert changing, some of the other values changed. I would think that reading in a PCAP would result in the same information each time. Is this typical, an error, or just some kind of misconfiguration in the suricata.yaml file?</div>
<div> </div>
<div>Also, I added --simulated-ips to the command line option and on the same PCAP and rules file I end up with 128-132 alerts. It still varies the same way as before but there's a much greater number of alerts, any ideas?</div>
<div> </div>
<div><br/>
Date: 3/14/2017 -- 09:12:45 (uptime: 0d, 00h 00m 00s)</div>
<div>...<br/>
detect.alert | Total | 68</div>
<div>...</div>
<div>app_layer.flow.http | Total | 62<br/>
...</div>
<div>flow.spare | Total | 9996<br/>
flow_mgr.flows_checked | Total | 23<br/>
flow_mgr.flows_notimeout | Total | 23<br/>
flow_mgr.rows_checked | Total | 65536<br/>
flow_mgr.rows_skipped | Total | 65513<br/>
flow_mgr.rows_maxlen | Total | 1<br/>
tcp.memuse | Total | 819200<br/>
tcp.reassembly_memuse | Total | 12320544<br/>
flow.memuse | Total | 7175616<br/>
</div>
<div> </div>
<div>Date: 3/14/2017 -- 09:50:02 (uptime: 0d, 00h 00m 00s)<br/>
...</div>
<div>detect.alert | Total | 72<br/>
...</div>
<div>app_layer.flow.http | Total | 64</div>
<div>...</div>
<div>flow.spare | Total | 9995<br/>
flow_mgr.flows_checked | Total | 19<br/>
flow_mgr.flows_notimeout | Total | 19<br/>
flow_mgr.rows_checked | Total | 65536<br/>
flow_mgr.rows_skipped | Total | 65517<br/>
flow_mgr.rows_maxlen | Total | 1<br/>
tcp.memuse | Total | 819200<br/>
tcp.reassembly_memuse | Total | 12320544<br/>
flow.memuse | Total | 7180056</div>
<div> </div>
<div>Thanks!<br/>
</div></div></body></html>