[Oisf-users] [oisf-users] Consolidating Stats File Results from Multiple Interface Monitoring

Peter Manev petermanev at gmail.com
Sun Feb 12 16:54:51 UTC 2012


On 2/12/2012 1:04 AM, Josh White wrote:
> That would work, I was originally thinking even an option to append 
> the interface name and have multiple stats files like 
> stats.log.em1 or the reverse em1.stats.log. However if it was more of 
> a csv format then it would be easier to graph in some cases.
>
> On Fri, Feb 10, 2012 at 9:20 AM, Victor Julien <victor at inliniac.net> wrote:
>
>     On 02/10/2012 02:44 AM, Peter Manev wrote:
>     > Hi,
>     >
>     > I don't think this is possible (in suri), you could of course use some
>     > bash/perl/your choice of scripting to achieve that.
>
>     It's indeed not possible right now. I'm a bit torn on it, as I see use
>     for both cases. Ideally we'd have it both simultaneously. Maybe we
>     should have an easily parseable (csv or something) output option.
>
Actually I am very fond of the csv availability (in yaml maybe?) for 
the different log files output. I agree with Josh - there are plenty 
of tools that make graphing possible (using csv files) and it would also 
come in handy for GeoIP visualization.


>     Cheers,
>     Victor
>
>     >
>     > Thanks
>     >
>     > On Thu, Feb 9, 2012 at 2:33 AM, Josh White <josh at securemind.org> wrote:
>     >
>     >     When I run Suri to monitor multiple interfaces like "suricata -c
>     >     /etc/suricata/suricata.yaml -i em1 -i em2 -i em3" the stats.log file
>     >     has multiple entries for each stat. "one entry for each interface
>     >     being monitored"
>     >
>     >     Is there an easy way to consolidate the stats so all the interface
>     >     stats are consolidated?
>     >
>     >     Josh
>     >
>     >     _______________________________________________
>     >     Oisf-users mailing list
>     >     Oisf-users at openinfosecfoundation.org
>     > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>     >
>     >
>     >
>     >
>     > --
>     > Peter Manev
>     >
>     >
>
>
>     --
>     ---------------------------------------------
>     Victor Julien
>     http://www.inliniac.net/
>     PGP: http://www.inliniac.net/victorjulien.asc
>     ---------------------------------------------
>


-- 
Regards,
Peter Manev
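
The scripting approach suggested in this thread, as an added example that is not part of the original messages: a Python script that merges the per-interface entries of stats.log into one value per counter and emits CSV. It assumes stats.log consists of `Counter | TM Name | Value` rows under a `Date:` header; the sample lines, thread names and values are constructed.

```python
import csv
import io
import re

# Assumed stats.log layout: a "Date:" header per dump, followed by
# "Counter | TM Name | Value" rows, one row per capture thread/interface.
DATE_RE = re.compile(r"^Date:\s*(\S+)\s*--\s*(\S+)")

# Constructed sample: one dump from a sensor started with -i em1 -i em2 -i em3.
SAMPLE = """\
-------------------------------------------------------------------
Date: 2/12/2012 -- 16:54:51 (uptime: 0d, 00h 10m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
decoder.pkts              | RxPcapem11                | 1200
decoder.avg_pkt_size      | RxPcapem11                | 800
decoder.max_pkt_size      | RxPcapem11                | 1514
decoder.pkts              | RxPcapem21                | 300
decoder.max_pkt_size      | RxPcapem21                | 590
decoder.pkts              | RxPcapem31                | 45
"""

def consolidate(lines):
    """Return {timestamp: {counter: value}} merged across all TM names."""
    merged, current = {}, None
    for line in lines:
        m = DATE_RE.match(line)
        if m:
            current = merged.setdefault(f"{m.group(1)} {m.group(2)}", {})
            continue
        parts = [p.strip() for p in line.split("|")]
        if current is None or len(parts) != 3 or not parts[2].isdigit():
            continue  # separator lines, the column header, blank lines
        name, value = parts[0], int(parts[2])
        if ".avg_" in name:
            continue  # per-thread averages cannot be merged without weights
        if ".max_" in name:
            current[name] = max(current.get(name, 0), value)  # peak, not sum
        else:
            current[name] = current.get(name, 0) + value
    return merged

def to_csv(merged):
    """Render the merged counters as timestamp,counter,value rows."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["timestamp", "counter", "value"])
    for ts, counters in merged.items():
        writer.writerows([ts, n, counters[n]] for n in sorted(counters))
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(consolidate(SAMPLE.splitlines())), end="")
```
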
