[Oisf-devel] EXTERNAL: Adding more details to stats.log

Rasmor, Zachary R zachary.r.rasmor at lmco.com
Mon Jun 27 15:05:07 UTC 2016


The stats log has a ‘tcp’ section that includes information about tcp packets with various flags (such as RST) set:

$ tail -1 suricata-stats.log | jq .stats.tcp
{
  "sessions": 5635423,
  "sessions_delta": 21781,
  "ssn_memcap_drop": 0,
  "ssn_memcap_drop_delta": 0,
  "pseudo": 2293001,
  "pseudo_delta": 8226,
  "pseudo_failed": 0,
  "pseudo_failed_delta": 0,
  "invalid_checksum": 5810,
  "invalid_checksum_delta": 41,
  "no_flow": 0,
  "no_flow_delta": 0,
  "syn": 8340424,
  "syn_delta": 26186,
  "synack": 4222135,
  "synack_delta": 19581,
  "rst": 3639829,
  "rst_delta": 13041,
  "segment_memcap_drop": 0,
  "segment_memcap_drop_delta": 0,
  "stream_depth_reached": 2117,
  "stream_depth_reached_delta": 20,
  "reassembly_gap": 96818,
  "reassembly_gap_delta": 42,
  "memuse": 3333264,
  "memuse_delta": 168336,
  "reassembly_memuse": 59549059,
  "reassembly_memuse_delta": 8085816
}

________________________

Zach Rasmor

Email:  zachary.r.rasmor at lmco.com

Office: 301.240.6116

 

From: Oisf-devel [mailto:oisf-devel-bounces at lists.openinfosecfoundation.org] On Behalf Of Sherine Davis (Security Engineering)
Sent: Monday, June 27, 2016 9:10 AM
To: oisf-devel at lists.openinfosecfoundation.org
Subject: EXTERNAL: [Oisf-devel] Adding more details to stats.log


Hello Sir,

It would be great if you could point me in the right direction about getting details on the number of reset packets, or packets with different flags set, in the stats.log file.

Thank You

Regards,
Sherine Davis
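
As an added example (not part of this thread and not Suricata's own code): a small Python script that consumes EVE-format stats records like the one quoted above, derives per-interval increments of the cumulative syn/synack/rst counters, and flags intervals in which resets outnumber SYNs, which is one way to watch the "rst" counter for reset storms without waiting for the `_delta` fields. The sample log lines are constructed: the first record's absolute values and the second record's increments match the counters quoted above, the later ones are invented to show a reset spike and a counter restart. The threshold values and function names are my own choices.

```python
import json
from typing import Dict, Iterator, List

# Cumulative TCP flag counters from the stats.tcp section that we track.
FLAG_COUNTERS = ("syn", "synack", "rst")

# Constructed sample of four EVE stats records (one per stats interval).
# Record 1 uses the absolute values quoted in the thread, record 2 adds
# the quoted *_delta increments, record 3 is an invented reset spike and
# record 4 simulates a Suricata restart (counters start over from zero).
SAMPLE_STATS_LOG = "\n".join([
    json.dumps({"timestamp": "2016-06-27T10:00:00.000000+0000", "event_type": "stats",
                "stats": {"uptime": 3600, "tcp": {"sessions": 5635423, "syn": 8340424,
                                                 "synack": 4222135, "rst": 3639829}}}),
    json.dumps({"timestamp": "2016-06-27T10:00:08.000000+0000", "event_type": "stats",
                "stats": {"uptime": 3608, "tcp": {"sessions": 5657204, "syn": 8366610,
                                                 "synack": 4241716, "rst": 3652870}}}),
    json.dumps({"timestamp": "2016-06-27T10:00:16.000000+0000", "event_type": "stats",
                "stats": {"uptime": 3616, "tcp": {"sessions": 5660000, "syn": 8392000,
                                                 "synack": 4242000, "rst": 3900000}}}),
    json.dumps({"timestamp": "2016-06-27T10:00:24.000000+0000", "event_type": "stats",
                "stats": {"uptime": 8, "tcp": {"sessions": 40, "syn": 1000,
                                              "synack": 500, "rst": 200}}}),
    "this line is not JSON and must be skipped",
])


def iter_stats_records(log_text: str) -> Iterator[Dict]:
    """Yield parsed 'stats' records that carry a tcp section, skipping junk."""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json may contain truncated or non-JSON lines
        if rec.get("event_type") == "stats" and "tcp" in rec.get("stats", {}):
            yield rec


def tcp_flag_deltas(log_text: str) -> List[Dict]:
    """Per-interval increments of the cumulative syn/synack/rst counters.

    An interval whose counters went backwards (engine restart, counters
    reset to zero) is dropped rather than reported as a huge negative value.
    """
    intervals: List[Dict] = []
    prev = None
    for rec in iter_stats_records(log_text):
        tcp = rec["stats"]["tcp"]
        if prev is not None:
            delta = {k: tcp.get(k, 0) - prev.get(k, 0) for k in FLAG_COUNTERS}
            if all(v >= 0 for v in delta.values()):
                intervals.append({"timestamp": rec["timestamp"], **delta})
        prev = tcp
    return intervals


def reset_anomalies(log_text: str, max_rst_per_syn: float = 1.0,
                    min_syn: int = 100) -> List[Dict]:
    """Intervals where RST packets exceed max_rst_per_syn times the SYN count.

    min_syn avoids flagging near-idle intervals where a handful of resets
    would dominate a tiny SYN count. Both thresholds are assumed values.
    """
    return [iv for iv in tcp_flag_deltas(log_text)
            if iv["syn"] >= min_syn and iv["rst"] > max_rst_per_syn * iv["syn"]]


if __name__ == "__main__":
    for iv in tcp_flag_deltas(SAMPLE_STATS_LOG):
        print(iv)
    for iv in reset_anomalies(SAMPLE_STATS_LOG):
        print("reset spike:", iv["timestamp"], "rst", iv["rst"], "syn", iv["syn"])
```

Point the script at a real file by reading `eve.json` or `stats.log` line by line instead of the embedded sample; the per-interval increments it computes for the second record equal the `syn_delta`, `synack_delta` and `rst_delta` values shown in the thread.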
