[Oisf-users] Suricata overload
Christophe Vandeplas
christophe at vandeplas.com
Mon Mar 10 09:52:43 UTC 2014
On Mon, Mar 10, 2014 at 8:38 AM, Michal Šutta <michal.sutta at gmail.com> wrote:
> Hello,
>
> is there a way to find out how many packets were not processed because of
> the overload of Suricata ?
Make sure stats.log is activated in your yaml configuration.
  - stats:
      enabled: yes
      filename: stats.log
      interval: 60 # number of seconds
In that stats.log file you will see different keys containing the word
'drop', like:
- capture.kernel_drops
- tcp.segment_memcap_drop
- tcp.ssn_memcap_drop
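Added example (not part of the original mail, and not Suricata project code): a Python parser that turns stats.log into the per-interval growth of every counter whose name contains 'drop'. It assumes the table layout shown in the constructed sample (counter | thread name | value rows under a Date: header) and that counters are cumulative since engine start; parse_blocks and drop_report are names chosen here.

```python
import re
from collections import defaultdict

# Constructed sample; layout assumed: "counter | thread name | value" rows per Date: block.
SAMPLE = """\
-------------------------------------------------------------------
Date: 3/10/2014 -- 09:51:43 (uptime: 0d, 00h 01m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | RxPcapeth01               | 1000
capture.kernel_drops      | RxPcapeth01               | 0
capture.kernel_packets    | RxPcapeth02               | 800
capture.kernel_drops      | RxPcapeth02               | 10
tcp.segment_memcap_drop   | Detect                    | 0
-------------------------------------------------------------------
Date: 3/10/2014 -- 09:52:43 (uptime: 0d, 00h 02m 00s)
-------------------------------------------------------------------
capture.kernel_packets    | RxPcapeth01               | 2500
capture.kernel_drops      | RxPcapeth01               | 40
capture.kernel_packets    | RxPcapeth02               | 1500
capture.kernel_drops      | RxPcapeth02               | 10
tcp.segment_memcap_drop   | Detect                    | 3
"""
ROW = re.compile(r"^\s*([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def parse_blocks(text):
    """One {counter: sum over threads} dict per 'Date:' block, in file order."""
    blocks = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            blocks.append(defaultdict(int))
        if (m := ROW.match(line)) and blocks:
            blocks[-1][m.group(1)] += int(m.group(3))
    return blocks

def drop_report(text):
    """Per-interval growth of each '*drop*' counter, plus kernel drop percentage."""
    out, blocks = [], parse_blocks(text)
    for prev, cur in zip(blocks, blocks[1:]):
        # Counters are cumulative; a smaller value than before means the engine restarted.
        grow = lambda k: cur[k] - prev[k] if cur[k] >= prev[k] else cur[k]
        row = {k: grow(k) for k in cur if "drop" in k}
        pkts = grow("capture.kernel_packets")
        row["kernel_drop_pct"] = round(100 * row.get("capture.kernel_drops", 0) / pkts, 2) if pkts else 0.0
        out.append(row)
    return out

if __name__ == "__main__":
    print(drop_report(SAMPLE))
```

To use it on a real sensor, pass the contents of the stats.log file configured above to drop_report instead of SAMPLE.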