[Oisf-users] [oisf-users] Consolidating Stats File Results from Multiple Interface Monitoring

Josh White josh at securemind.org
Sun Feb 12 00:04:57 UTC 2012 

That would work, I was originally thinking even an option to append the
interface name and have have multiple stats files like stats.log.em1 or the
reverse em1.stats.log. However if it was more of a csv format then it would
be easier to graph in some cases.

On Fri, Feb 10, 2012 at 9:20 AM, Victor Julien <victor at inliniac.net> wrote:

> On 02/10/2012 02:44 AM, Peter Manev wrote:
> > Hi,
> >
> > I don't think this is possible(in suri), you could of course use some
> > bash/perl/your choice of scripting to achieve that.
>
> It's indeed not possible right now. I'm a bit torn on it, as I see use
> for both cases. Ideally we're have it both simultaneously. Maybe we
> should an easily parseble (csv or something) output option.
>
> Cheers,
> Victor
>
> >
> > Thanks
> >
> > On Thu, Feb 9, 2012 at 2:33 AM, Josh White <josh at securemind.org
> > <mailto:josh at securemind.org>> wrote:
> >
> >     When I run Suri to monitor multiple interfaces like "suricata -c
> >     /etc/suricata/suricata.yaml -i em1 -i em2 -i em3" the stats.log file
> >     has multiple entries for each stat. "one entry for each interface
> >     being monitored"
> >
> >     Is there an easy way to consolidate the stats so all the interface
> >     stats are consolidated?
> >
> >     Josh
> >
> >     _______________________________________________
> >     Oisf-users mailing list
> >     Oisf-users at openinfosecfoundation.org
> >     <mailto:Oisf-users at openinfosecfoundation.org>
> >     http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> >
> >
> >
> > --
> > Peter Manev
> >
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120211/3fc8ef6b/attachment-0002.html>

More information about the Oisf-users mailing list