<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><br><div><br>On 26 Nov 2017, at 19:34, Cooper F. Nelson <<a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a>> wrote:<br><br></div><blockquote type="cite"><div><span>I'm specifically trying to get metrics for peak usage of the tcp</span><br><span>segments pool, like this:</span><br><blockquote type="cite"><span>25/5/2014 -- 00:36:29 - <Info> - TCP segment pool of size 4 had a peak</span><br></blockquote><blockquote type="cite"><span>use of 2041 segments, more than the prealloc setting of 256</span><br></blockquote><span></span><br></div></blockquote><div><br></div><div>This is diff and redone  in 4+ (so you will not see similar to the above msg you refer to)</div><div><a href="https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1247">https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1247</a></div><div><br></div><div><br></div><br><blockquote type="cite"><div><span>The -vvv flag provides more data, but not this information unfortunately.</span><br><span></span><br><span>-Coop</span><br><span></span><br><span>On 11/26/2017 10:18 AM, Peter Manev wrote:</span><br><blockquote type="cite"><span>In general running in the command line with “-vvv” with a default suricata.yaml will produce quite a verbose output - is that what you are after ? (Or you need more verbose suricata.log?)</span><br></blockquote><span></span><br><span></span><br><span>-- </span><br><span>Cooper Nelson</span><br><span>Network Security Analyst</span><br><span>UCSD ITS Security Team</span><br><span><a href="mailto:cnelson@ucsd.edu">cnelson@ucsd.edu</a> x41042</span><br><span></span><br><span></span><br></div></blockquote></body></html>