[Oisf-users] What does it means??
C. L. Martinez
carlopmart at gmail.com
Wed Oct 9 12:28:26 UTC 2013
Hi all,
Recently I installed a FreeBSD 9.2 host with Suricata 1.4.6, and it
reports a lot of packets dropped by the kernel.
For example, after 2 minutes up:
Date: 10/9/2013 -- 12:19:50 (uptime: 0d, 00h 02m 58s)
-------------------------------------------------------------------
Counter | TM Name | Value
-------------------------------------------------------------------
capture.kernel_packets | RxPcapem41 | 3137698
capture.kernel_drops | RxPcapem41 | 2415508
capture.kernel_ifdrops | RxPcapem41 | 0
But tcp.ssn_memcap_drop and tcp.reassembly_gap:
decoder.avg_pkt_size | RxPcapem42 | 828
decoder.max_pkt_size | RxPcapem42 | 1514
defrag.ipv4.fragments | RxPcapem42 | 90
defrag.ipv4.reassembled | RxPcapem42 | 25
defrag.ipv4.timeouts | RxPcapem42 | 0
defrag.ipv6.fragments | RxPcapem42 | 0
defrag.ipv6.reassembled | RxPcapem42 | 0
defrag.ipv6.timeouts | RxPcapem42 | 0
defrag.max_frag_hits | RxPcapem42 | 0
tcp.sessions | RxPcapem42 | 308
tcp.ssn_memcap_drop | RxPcapem42 | 0
tcp.pseudo | RxPcapem42 | 23
tcp.invalid_checksum | RxPcapem42 | 0
tcp.no_flow | RxPcapem42 | 0
tcp.reused_ssn | RxPcapem42 | 0
tcp.memuse | RxPcapem42 | 6029312
tcp.syn | RxPcapem42 | 1261
tcp.synack | RxPcapem42 | 702
tcp.rst | RxPcapem42 | 565
tcp.segment_memcap_drop | RxPcapem42 | 0
tcp.stream_depth_reached | RxPcapem42 | 0
tcp.reassembly_memuse | RxPcapem42 | 11327048
tcp.reassembly_gap | RxPcapem42 | 23
I think the problem is with interrupts:
interrupt total rate
irq1: atkbd0 6 0
irq10: em2 em3 2320880 3453
irq11: em0 em1 em4+ 1256951 1870
cpu0:timer 148773 221
cpu1:timer 148310 220
Total 3877066 5769
Am I right??
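
Added example, not part of the original message: a small Python parser for the stats.log layout shown above that reports kernel drops as a percentage of capture.kernel_packets for each capture thread. The function names and the 5% alert threshold are assumptions; the sample rows are copied from the excerpt above.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the stats.log excerpt in the post above.
SAMPLE = """\
Date: 10/9/2013 -- 12:19:50 (uptime: 0d, 00h 02m 58s)
-------------------------------------------------------------------
Counter | TM Name | Value
-------------------------------------------------------------------
capture.kernel_packets | RxPcapem41 | 3137698
capture.kernel_drops | RxPcapem41 | 2415508
capture.kernel_ifdrops | RxPcapem41 | 0
tcp.ssn_memcap_drop | RxPcapem42 | 0
tcp.reassembly_gap | RxPcapem42 | 23
"""

# counter name | thread module name | integer value
ROW = re.compile(r"^\s*([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")


def parse_stats(text):
    """Return {thread_name: {counter: value}} for one stats.log dump."""
    threads = defaultdict(dict)
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the Date, separator and column-header lines do not match
            counter, thread, value = m.groups()
            threads[thread][counter] = int(value)
    return dict(threads)


def kernel_drop_report(threads, threshold_pct=5.0):
    """List (thread, packets, drops, drop_pct, flagged) per capture thread.

    threshold_pct is an assumed alerting threshold, not a Suricata default.
    """
    report = []
    for name, counters in sorted(threads.items()):
        if "capture.kernel_packets" not in counters:
            continue  # not a capture thread (e.g. only decoder/tcp counters)
        packets = counters["capture.kernel_packets"]
        drops = counters.get("capture.kernel_drops", 0)
        pct = 100.0 * drops / packets if packets else 0.0  # avoid div by zero
        report.append((name, packets, drops, round(pct, 2), pct > threshold_pct))
    return report


if __name__ == "__main__":
    for row in kernel_drop_report(parse_stats(SAMPLE)):
        print("%s packets=%d drops=%d drop_pct=%.2f flagged=%s" % row)
```

The counters are cumulative since start, so comparing two successive dumps shows whether the drop rate is ongoing or was a startup burst.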