[Oisf-users] more packets decoded than captured
Theodore Elhourani
theodore.elhourani at gmail.com
Fri Jul 5 01:16:28 UTC 2013
In a test run, Suricata is reporting in the stats.log file a larger
number of decoded packets than captured:
$ cat /var/log/suricata/stats.log | grep "kernel_packets\|decoder.pkt" | tail -8
capture.kernel_packets | RxAFP1 | 207491
decoder.pkts | RxAFP1 | 207901
capture.kernel_packets | RxAFP2 | 197046
decoder.pkts | RxAFP2 | 197731
capture.kernel_packets | RxAFP3 | 197980
decoder.pkts | RxAFP3 | 198568
capture.kernel_packets | RxAFP4 | 213311
decoder.pkts | RxAFP4 | 214289
total captured = 815828
total decoded = 818489
In which cases can this happen?
Thanks
Ted
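
Added example, not part of the original post: a small Python parser for the stats.log lines quoted above that keeps the latest value per counter and thread (what the `tail -8` selects by hand) and reports the decoded-minus-captured difference per thread and in total. The sample input is constructed from the figures in the post plus one made-up earlier dump, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: a made-up earlier dump for RxAFP1, then the eight
# lines quoted in the post. Only the latest value per thread should count.
SAMPLE = """\
Counter | TM Name | Value
capture.kernel_packets | RxAFP1 | 1000
decoder.pkts | RxAFP1 | 1000
capture.kernel_packets | RxAFP1 | 207491
decoder.pkts | RxAFP1 | 207901
capture.kernel_packets | RxAFP2 | 197046
decoder.pkts | RxAFP2 | 197731
capture.kernel_packets | RxAFP3 | 197980
decoder.pkts | RxAFP3 | 198568
capture.kernel_packets | RxAFP4 | 213311
decoder.pkts | RxAFP4 | 214289
"""

# "counter | thread | numeric value"; header and separator lines do not match.
LINE = re.compile(r"^\s*([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")


def latest_counters(text):
    """Return {thread: {counter: value}}, later lines overwriting earlier ones."""
    latest = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counter, thread, value = m.groups()
            latest[thread][counter] = int(value)
    return latest


def compare(text, captured="capture.kernel_packets", decoded="decoder.pkts"):
    """Return ({thread: (captured, decoded, delta)}, (total_cap, total_dec, total_delta))."""
    rows = {}
    for thread, counters in latest_counters(text).items():
        if captured in counters and decoded in counters:
            cap, dec = counters[captured], counters[decoded]
            rows[thread] = (cap, dec, dec - cap)
    totals = tuple(sum(r[i] for r in rows.values()) for i in range(3))
    return rows, totals


if __name__ == "__main__":
    rows, totals = compare(SAMPLE)
    for thread in sorted(rows):
        print(thread, *rows[thread])
    print("total", *totals)
```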