[Oisf-users] Suricata Dag Users
Victor Julien
victor at inliniac.net
Thu Aug 30 14:53:04 UTC 2012
On 08/27/2012 07:41 PM, Marcos Rodriguez wrote:
>
>
> On Mon, Aug 27, 2012 at 6:57 AM, Victor Julien <victor at inliniac.net
> <mailto:victor at inliniac.net>> wrote:
>
> On 08/24/2012 06:44 PM, Marcos Rodriguez wrote:
> > Hi Everyone,
> >
> > Hope all is well! I have a question in regards to the
> source-erf-dag.c:534:
> >
> > [30919] 24/8/2012 -- 12:40:32 - (source-erf-dag.c:534) <Info>
> > (ReceiveErfDagThreadExitStats) -- Packets: 69313156; Bytes:
> 47785511412
> >
> > It would be nice if the drops were calculated for that output. Is
> this
> > possible? I currently just use dagconfig | grep drop_count to ensure
> > I'm not dropping. Should I just continue that, or could that be added
> > in the stats when Suri's done running? Thanks for your insight!
>
> If it's possible it's not immediately clear to me how. Hopefully one of
> the Endace guys can comment!
>
> Cheers,
> Victor
>
> Thanks, Victor! I totally forgot to add a point of reference using pcap:
>
> [1547] 27/8/2012 -- 13:43:52 - (source-pcap.c:580) <Info>
> (ReceivePcapThreadExitStats) -- (RxPcapeth11) Pcap Total:16 Recv:16
> Drop:0 (0.0%).
>
> I just thought it would add nice consistency across all supported
> sniffing mediums. Thanks again, and I'm all ears, or eyes, if you
> will. :o)
>
> marcos
>
Just noted this Endace DAQ module:
https://github.com/SgtMalicious/Endace-DAQ-Module/blob/master/daq_endace.c#L225
It does drops accounting, so I guess it's possible.
/me waits for Marcos' patches :)
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list