[Oisf-users] Suricata overload

Christophe Vandeplas christophe at vandeplas.com
Mon Mar 10 09:52:43 UTC 2014

On Mon, Mar 10, 2014 at 8:38 AM, Michal Ć utta <michal.sutta at gmail.com> wrote:
> Hello,
> is there a way to find out how many packets were not processed because of
> the overload of Suricata ?

Make sure stats.log is activated in your yaml configuration.
  - stats:
      enabled: yes
      filename: stats.log
      interval: 60 # number of seconds

In that stats.log file you will see different keys containing the word
'drop', like:
- capture.kernel_drops
- tcp.segment_memcap_drop
- tcp.ssn_memcap_drop

> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/

More information about the Oisf-users mailing list