[Oisf-users] stats.log file

David Rodrigues david.network.security at gmail.com
Mon Feb 14 03:42:06 EST 2011


Hi all,

Regarding point 2, I would like to say that Suricata output is a bit confusing.

I'm testing Suricata with pf-ring, so my output looks like:

[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 3126352683,
bytes 6709029928781
[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring
Total:7701324177 Recv:7421319979 Drop:280004198 (3.6%)

I have been running empirical tests on the network. The 3.6% drop rate
is definitely wrong.

However, if I divide 3126352683 (packets analyzed by Suricata) by
7701324177 (total number of packets) the result is 0.41 (41%). This
drop rate seems to be the correct one. Can someone confirm (or not)
this?

Cheers,

David

On Wed, Feb 9, 2011 at 11:23 PM, Victor Julien <victor at inliniac.net> wrote:
> On 02/09/2011 04:45 AM, ali wrote:
>> Hi all,
>>
>> Can anybody help me to solve my questions:
>>
>> 1. After compiling Suricata, why do I get two tables in the stats.log file?
>
> By default Suricata will write one "table" every 8 seconds.
>
>> 2. Where can I see the packet drop/packet analysed/packet received
>> information?
>
> At shutdown Suricata will print this information to the screen.
>
> Cheers,
> Victor
>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
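
As an added example (not part of the original message and not Suricata code), a small Python parser for the two pf-ring exit-stat records quoted above that rejoins the wrapped lines and computes the ratios between the counters. The function names are hypothetical, and the sample input is constructed from the log text in the message.

```python
import re

# Constructed sample: the two exit-stat records quoted in the message,
# with the e-mail line wrapping left in place.
SAMPLE = """\
[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:313) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Packets 3126352683,
bytes 6709029928781
[22504] 13/2/2011 -- 23:59:01 - (source-pfring.c:317) <Info>
(ReceivePfringThreadExitStats) -- (ReceivePfring) Pfring
Total:7701324177 Recv:7421319979 Drop:280004198 (3.6%)
"""

RECORD_START = re.compile(r"^\[\d+\] ")
PACKETS = re.compile(r"\(ReceivePfring\) Packets (\d+), bytes (\d+)")
PFRING = re.compile(r"Pfring Total:(\d+) Recv:(\d+) Drop:(\d+)")

def unwrap(text):
    """Join wrapped continuation lines back into one record per log entry."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)       # a new "[pid] date ..." record
        else:
            records[-1] += " " + line  # continuation of the previous record
    return records

def pfring_exit_stats(text):
    """Extract the ReceivePfring and Pfring counters from the exit stats."""
    stats = {}
    for rec in unwrap(text):
        if m := PACKETS.search(rec):
            stats["packets"], stats["bytes"] = map(int, m.groups())
        if m := PFRING.search(rec):
            stats["total"], stats["recv"], stats["drop"] = map(int, m.groups())
    return stats

def ratios(stats):
    """Ratios of each counter to the Pfring Total, plus a consistency check."""
    total = stats["total"]
    if total == 0:
        raise ValueError("Pfring Total is zero")
    return {
        "drop_over_total": stats["drop"] / total,
        "recv_over_total": stats["recv"] / total,
        "packets_over_total": stats["packets"] / total,
        "recv_plus_drop_equals_total": stats["recv"] + stats["drop"] == total,
    }
```
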

