[Oisf-users] Clarification on dropped packet counters
Gene Albin
gene.albin at gmail.com
Wed Aug 10 20:16:51 UTC 2011
Fernando,
I think the difference is where the packets are dropped. (please correct
me if I'm wrong). Drops from the memcap counters are because too few memory
resources have been assigned to the suricata engine, therefore the memory
buffer fills and Suricata drops the packet. On the other hand, the dropped
packets reported by (ReceivePcapThreadExitStats)are dropped at the pcap
level, before it even gets into Suricata. Indicative, I think, of a problem
in the OS or the hardware, but not in Suricata.
Any sage advice from those who know what they're talking about?
Gene
On Wed, Aug 10, 2011 at 12:36 PM, Will Metcalf <william.metcalf at gmail.com>wrote:
> > Will, I have a question. Is the number in dropped packets registered wher
> > Suricata stops is independent of the number of packets drops by
> memcap_drops
> > in stats.log?
>
> Yes
>
> On Wed, Aug 10, 2011 at 2:34 PM, Fernando Ortiz
> <fernando.ortiz.f at gmail.com> wrote:
> > Will, I have a question. Is the number in dropped packets registered wher
> > Suricata stops is independent of the number of packets drops by
> memcap_drops
> > in stats.log?
> >
> > Cheers,
> > Fernando
> >
>
--
Gene Albin
gene.albin at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110810/2b6e380c/attachment-0002.html>
More information about the Oisf-users
mailing list