[Oisf-users] statistics

Victor Julien victor at inliniac.net
Wed Dec 4 08:41:17 UTC 2013 

> There are two log files i am confused about.
> 
> *cat packet_stats.log*
> 
> 
> Packet profile dump:
> 
> *IP ver   Proto   cnt            min            max           
> avg            tot           %%
> ------   -----   ----------     ------------   ------------  
> -----------    -----------   ---
>  IPv4       1             6           449922         594968       
> 536455          3.2m    0.00
>  IPv4       2             6           125037         262669       
> 207080          1.2m    0.00
>  IPv4       6         27360           153142     3084837415    
> 926960426      25361.6b  100.00
>  IPv6      58             2           852214        1102046       
> 977130          2.0m    0.00
> Note: Protocol 256 tracks pseudo/tunnel packets.*
> 
> Whats this is?Actually please explain the table i mean what is this
> Proto as ip ver is IPv4 then what is this cnt,min,max?

cnt = number of packets
min = lowest cost in ticks we saw
max = highest cost in ticks we saw



> AND
> 
> # *cat /var/log/suricata/stats.log*
> -------------------------------------------------------------------
> Date: 11/29/2013 -- 18:15:50 (uptime: 0d, 00h 00m 16s)
> -------------------------------------------------------------------
> Counter                   | TM Name                   | Value
> -------------------------------------------------------------------
> capture.kernel_packets    | RxPcapeth21               | 0
> capture.kernel_drops      | RxPcapeth21               | 0
> capture.kernel_ifdrops    | RxPcapeth21               | 0
> decoder.pkts              | RxPcapeth21               | 0
> decoder.bytes             | RxPcapeth21               | 0
> decoder.ipv4              | RxPcapeth21               | 0
> decoder.ipv6              | RxPcapeth21               | 0
> decoder.ethernet          | RxPcapeth21               | 0
> decoder.raw               | RxPcapeth21               | 0
> decoder.sll               | RxPcapeth21               | 0
> decoder.tcp               | RxPcapeth21               | 0
> decoder.udp               | RxPcapeth21               | 0
> tcp.stream_depth_reached  | Detect                    | 0
> tcp.reassembly_memuse     | Detect                    | 0
> tcp.reassembly_gap        | Detect                    | 0
> detect.alert              | Detect                    | 0
> flow_mgr.closed_pruned    | FlowManagerThread         | 0
> flow_mgr.new_pruned       | FlowManagerThread         | 0
> flow_mgr.est_pruned       | FlowManagerThread         | 0
> flow.memuse               | FlowManagerThread         | 7074304
> flow.spare                | FlowManagerThread         | 10000
> flow.emerg_mode_entered   | FlowManagerThread         | 0
> flow.emerg_mode_over      | FlowManagerThread         | 0
> 
> *What is this RxPcapeth21 Detect FlowManagerThread?*

thread names
RxPcapeth21 = thread1 on eth2
FlowManagerThread = flow manager, handles flow hash management and times
flows out

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list