[Oisf-users] detect engine stats

Peter Manev petermanev at gmail.com
Tue Jul 2 06:28:46 UTC 2013 

On Mon, Jul 1, 2013 at 6:56 PM, Theodore Elhourani
<theodore.elhourani at gmail.com> wrote:
> There aren't enough statistics for UDP. The stats.log file does not say how
> many packets the detect threads have scanned.


decoder.pkts              | RxPcapeth01               | 9683
decoder.bytes             | RxPcapeth01               | 6431276
decoder.ipv4              | RxPcapeth01               | 9683
decoder.ipv6              | RxPcapeth01               | 0
decoder.ethernet          | RxPcapeth01               | 9683
decoder.raw               | RxPcapeth01               | 0
decoder.sll               | RxPcapeth01               | 0
decoder.tcp               | RxPcapeth01               | 5746
decoder.udp               | RxPcapeth01               | 369
decoder.sctp              | RxPcapeth01               | 0
decoder.icmpv4            | RxPcapeth01               | 0
decoder.icmpv6            | RxPcapeth01               | 0
decoder.ppp               | RxPcapeth01               | 0
decoder.pppoe             | RxPcapeth01               | 0
decoder.gre               | RxPcapeth01               | 0
decoder.vlan              | RxPcapeth01               | 0
decoder.teredo            | RxPcapeth01               | 0
decoder.ipv4_in_ipv6      | RxPcapeth01               | 0
decoder.ipv6_in_ipv6      | RxPcapeth01               | 0
decoder.avg_pkt_size      | RxPcapeth01               | 664
decoder.max_pkt_size      | RxPcapeth01               | 1482

You can see how many were scanned on a per thread basis in the stats.log-
decoder.udp               | RxPcapeth01               | 369


thanks


>
> Thanks
>
>
> On Sun, Jun 30, 2013 at 11:26 PM, Peter Manev <petermanev at gmail.com> wrote:
>>
>> Hi,
>>
>> On Mon, Jul 1, 2013 at 3:25 AM, Theodore Elhourani
>> <theodore.elhourani at gmail.com> wrote:
>> > Hi,
>> >
>> > I am trying to retrieve the number of packets/traffic size the detect
>> > threads scanned in a given run. For UDP-only traffic, the stats.log file
>> > does not contain any stats.
>>
>> Just to clarify - you have enabled the stats.log configuration in
>> suricata.yaml and after doing a run there are no statistics written?
>> (or you mean there are not enough statistics for UDP in particular)
>>
>> Thanks
>>
>> >Is there an alternative method for gathering
>> > stats, specifically on the performance of the detect threads?
>> >
>> > Thank you
>> > Ted
>> >
>> > _______________________________________________
>> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> > Site: http://suricata-ids.org | Support:
>> > http://suricata-ids.org/support/
>> > List:
>> > https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> > OISF: http://www.openinfosecfoundation.org/
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>
>



--
Regards,
Peter Manev

More information about the Oisf-users mailing list