[Oisf-users] Percentage of dropped packets

Peter Bates peter.bates at ucl.ac.uk
Tue May 29 15:03:00 UTC 2012




Hello all

Apologies for what are probably FAQs.

Being reasonably used to the Snort perfmonitor output, I'm trying to
understand which line in stats.log might refer to dropped packets.

Suricata is (when foregrounded) saying things like:

[5535] 29/5/2012 -- 15:56:04 - (flow-manager.c:510) <Info>
(FlowManagerThread) -- Flow emergency mode over, back to normal...
unsetting FLOW_EMERGENCY bit (ts.tv_sec: 1338303363,
ts.tv_usec:940223) flow_spare_q status(): 1062% flows at the queue

And in stats.log I'm seeing:

Date: 5/29/2012 -- 15:56:33 (uptime: 0d, 01h 31m 23s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
flow_mgr.closed_pruned    | FlowManagerThread         | 10540043
flow_mgr.new_pruned       | FlowManagerThread         | 4116068
flow_mgr.est_pruned       | FlowManagerThread         | 200991
flow.memuse               | FlowManagerThread         | 30501404
flow.spare                | FlowManagerThread         | 10233
flow.emerg_mode_entered   | FlowManagerThread         | 118
flow.emerg_mode_over      | FlowManagerThread         | 118
decoder.pkts              | AFPacketeth61             | 179519552
decoder.bytes             | AFPacketeth61             | 142002380276
decoder.ipv4              | AFPacketeth61             | 179554718
decoder.ipv6              | AFPacketeth61             | 379469
decoder.ethernet          | AFPacketeth61             | 179519552
decoder.raw               | AFPacketeth61             | 0
decoder.sll               | AFPacketeth61             | 0
decoder.tcp               | AFPacketeth61             | 151975697
decoder.udp               | AFPacketeth61             | 26584288
decoder.sctp              | AFPacketeth61             | 0
decoder.icmpv4            | AFPacketeth61             | 88177
decoder.icmpv6            | AFPacketeth61             | 21233
decoder.ppp               | AFPacketeth61             | 406824
decoder.pppoe             | AFPacketeth61             | 0
decoder.gre               | AFPacketeth61             | 406843
decoder.vlan              | AFPacketeth61             | 0
decoder.avg_pkt_size      | AFPacketeth61             | 791
decoder.max_pkt_size      | AFPacketeth61             | 1514
defrag.ipv4.fragments     | AFPacketeth61             | 375839
defrag.ipv4.reassembled   | AFPacketeth61             | 35789
defrag.ipv4.timeouts      | AFPacketeth61             | 0
defrag.ipv6.fragments     | AFPacketeth61             | 35
defrag.ipv6.reassembled   | AFPacketeth61             | 0
defrag.ipv6.timeouts      | AFPacketeth61             | 0
tcp.sessions              | AFPacketeth61             | 1809706
tcp.ssn_memcap_drop       | AFPacketeth61             | 0
tcp.pseudo                | AFPacketeth61             | 216
tcp.invalid_checksum      | AFPacketeth61             | 42560
tcp.no_flow               | AFPacketeth61             | 0
tcp.reused_ssn            | AFPacketeth61             | 67
tcp.memuse                | AFPacketeth61             | 4325376
tcp.syn                   | AFPacketeth61             | 1878430
tcp.synack                | AFPacketeth61             | 1295929
tcp.rst                   | AFPacketeth61             | 405377
tcp.segment_memcap_drop   | AFPacketeth61             | 0
tcp.stream_depth_reached  | AFPacketeth61             | 1
tcp.reassembly_memuse     | AFPacketeth61             | 15422350
tcp.reassembly_gap        | AFPacketeth61             | 4894
detect.alert              | AFPacketeth61             | 630

Both values with 'drop' in their name are 0; is there a reported value
in this list that corresponds to 'packets dropped'?

Thanks.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
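An added example, not part of Peter's post and not Suricata's own code: a small parser for the stats.log layout shown above that reports every counter with 'drop' in its name as a percentage of decoder.pkts, and that reads the capture.kernel_packets / capture.kernel_drops pair which later Suricata releases emit for af-packet capture. Those two capture counters are an assumption here (they are not in the 2012 snapshot quoted in the post); the first sample below is trimmed from the post's own table, the second is constructed to show the kernel-drop calculation.

```python
"""Parse a Suricata stats.log snapshot and report drop-related counters.

Added example; not from the original post or from the Suricata project.
The capture.kernel_* counter names are assumed from later Suricata
releases and do not appear in the 2012 snapshot quoted in the post.
"""
import re

# Rows trimmed from the snapshot quoted in the post.
SAMPLE = """\
Date: 5/29/2012 -- 15:56:33 (uptime: 0d, 01h 31m 23s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
flow.emerg_mode_entered   | FlowManagerThread         | 118
flow.emerg_mode_over      | FlowManagerThread         | 118
decoder.pkts              | AFPacketeth61             | 179519552
tcp.ssn_memcap_drop       | AFPacketeth61             | 0
tcp.segment_memcap_drop   | AFPacketeth61             | 0
tcp.reassembly_gap        | AFPacketeth61             | 4894
"""

# Constructed snapshot with the kernel-level capture counters (assumed
# names from later Suricata releases); values are made up for the demo.
SAMPLE_LATER = """\
Date: 5/29/2012 -- 16:00:00 (uptime: 0d, 01h 35m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth61             | 1000000
capture.kernel_drops      | AFPacketeth61             | 25000
decoder.pkts              | AFPacketeth61             | 975000
tcp.ssn_memcap_drop       | AFPacketeth61             | 0
"""

# One counter row: "<name> | <thread module> | <integer>".
ROW = re.compile(r"^(?P<counter>[\w.]+)\s*\|\s*(?P<tm>\S+)\s*\|\s*(?P<value>\d+)\s*$")


def parse_stats(text):
    """Return {counter: value} for the most recent snapshot in `text`.

    stats.log is appended to on every dump, so each "Date:" line starts
    a fresh snapshot and the previous counters are discarded.
    """
    counters = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Date:"):
            counters = {}
            continue
        m = ROW.match(line)
        if m:
            counters[m.group("counter")] = int(m.group("value"))
    return counters


def drop_report(counters, total_key="decoder.pkts"):
    """Map every counter containing 'drop' to (value, percent of total_key).

    Percent is None when the reference counter is missing or zero.
    """
    total = counters.get(total_key, 0)
    report = {}
    for name, value in counters.items():
        if "drop" in name:
            pct = (100.0 * value / total) if total else None
            report[name] = (value, pct)
    return report


def kernel_drop_pct(counters):
    """Percent of packets the kernel dropped before Suricata decoded them.

    Uses the assumed capture.kernel_packets / capture.kernel_drops pair.
    On Linux the PACKET_STATISTICS packet count already includes the
    dropped packets, so the ratio is drops over kernel_packets.
    Returns None when the snapshot does not carry these counters.
    """
    pkts = counters.get("capture.kernel_packets")
    drops = counters.get("capture.kernel_drops")
    if pkts is None or drops is None or pkts == 0:
        return None
    return 100.0 * drops / pkts


if __name__ == "__main__":
    for label, text in (("post snapshot", SAMPLE), ("constructed", SAMPLE_LATER)):
        c = parse_stats(text)
        print(label, drop_report(c), "kernel drop %:", kernel_drop_pct(c))
```

The memcap drop counters in the post's snapshot measure sessions and segments discarded for lack of memory inside Suricata, not packets lost at capture time, so a 0 there says nothing about kernel-side loss; the second function is where that figure comes from once the capture counters are present, and the emergency-mode counters are the ones to watch for flow-engine pressure.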