[Oisf-users] Monitoring stats log file (with Zabbix) to measure impact of fine-tuning config file

Christophe Vandeplas christophe at vandeplas.com
Thu Nov 14 13:00:23 UTC 2013


Hi list,


For quite some time I've been facing performance and configuration
challenges with Suricata. One of my frustrations was that I could
barely measure the results of configuration changes I made, especially
because sometimes it takes hours before "things go wrong". Looking at
the stats.log file manually didn't really seem practical so I wanted
to integrate this in my monitoring tool to be able to plot graphs.

For this I needed to write a script that consolidated the stats.log
output: as counters are unique per thread, it's kinda annoying to have
8 counters for the same thing if you're running with 8 threads like
me.

The script itself might be useful for anyone wanting to feed the
stats.log to another tool.

You'll find the story here:
http://christophe.vandeplas.com/2013/11/suricata-monitoring-with-zabbix-or-other.html

And the script and Zabbix configuration here:
https://github.com/cvandeplas/suricata_stats

The Zabbix XML template is not yet complete (still missing some
counters) but I'll do my best to add them later.

Hope it's useful for others.
Kind regards

Christophe
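
The per-thread consolidation described in the message above, as an added example (not the suricata_stats script linked in the post). It assumes the pipe-separated `Counter | TM Name | Value` layout of stats.log with a `Date:` line opening each dump; the thread names and values in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two dumps, two capture threads (separator rules omitted).
SAMPLE = """\
Date: 11/14/2013 -- 12:59:23 (uptime: 0d, 02h 14m 10s)
Counter                   | TM Name                   | Value
capture.kernel_packets    | AFPacketeth01             | 1000
Date: 11/14/2013 -- 13:00:23 (uptime: 0d, 02h 15m 10s)
Counter                   | TM Name                   | Value
capture.kernel_packets    | AFPacketeth01             | 6000
capture.kernel_drops      | AFPacketeth01             | 150
decoder.max_pkt_size      | AFPacketeth01             | 1514
capture.kernel_packets    | AFPacketeth02             | 4000
capture.kernel_drops      | AFPacketeth02             | 50
decoder.max_pkt_size      | AFPacketeth02             | 1400
"""

# counter name | thread name | integer value; header and Date lines do not match.
ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def last_block(text):
    """Return the lines of the most recent dump (from the last 'Date:' line on)."""
    lines = text.splitlines()
    starts = [i for i, line in enumerate(lines) if line.startswith("Date:")]
    return lines[starts[-1]:] if starts else lines

def consolidate(text):
    """Collapse the per-thread rows of the latest dump into one value per counter."""
    per_counter = defaultdict(list)
    for line in last_block(text):
        m = ROW.match(line)
        if m:
            per_counter[m.group(1)].append(int(m.group(3)))
    totals = {}
    for name, values in per_counter.items():
        # A maximum or an average must not be summed across threads.
        if name.endswith("max_pkt_size"):
            totals[name] = max(values)
        elif name.endswith("avg_pkt_size"):
            totals[name] = sum(values) // len(values)  # unweighted mean
        else:
            totals[name] = sum(values)
    return totals

def drop_percent(totals):
    """Kernel drop ratio in percent, the usual first graph when tuning capture."""
    pkts = totals.get("capture.kernel_packets", 0)
    return 100.0 * totals.get("capture.kernel_drops", 0) / pkts if pkts else 0.0
```

Only the latest dump is read because the counters are cumulative since start-up; a monitoring tool can derive rates from successive polls.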

