[Oisf-users] (no subject)
Berk Gulenler
gulenler at boun.edu.tr
Mon Mar 24 11:43:31 UTC 2014
What about the other af-packet cluster members on eth7?
Try raising the value of max-pending-packets.
On 03/24/2014 01:23 PM, Travel Factory S.r.l. wrote:
>
>> You can check stats.log for more clues.
>>
>
>
> I post the stats for one core and for flow. Please note that
> capture.kernel_drops increases during suricata startup and then
> increases no more.
> I see nothing strange in it but I'm not an expert...
>
>
> capture.kernel_packets | AFPacketeth78 | 39271544
> capture.kernel_drops | AFPacketeth78 | 47434
> decoder.pkts | AFPacketeth78 | 39224023
> decoder.bytes | AFPacketeth78 | 25794797258
> decoder.ipv4 | AFPacketeth78 | 39220226
> decoder.ipv6 | AFPacketeth78 | 4216
> decoder.ethernet | AFPacketeth78 | 39224023
> decoder.raw | AFPacketeth78 | 0
> decoder.sll | AFPacketeth78 | 0
> decoder.tcp | AFPacketeth78 | 38709446
> decoder.udp | AFPacketeth78 | 468016
> decoder.sctp | AFPacketeth78 | 0
> decoder.icmpv4 | AFPacketeth78 | 21664
> decoder.icmpv6 | AFPacketeth78 | 2168
> decoder.ppp | AFPacketeth78 | 0
> decoder.pppoe | AFPacketeth78 | 0
> decoder.gre | AFPacketeth78 | 0
> decoder.vlan | AFPacketeth78 | 0
> decoder.teredo | AFPacketeth78 | 374
> decoder.ipv4_in_ipv6 | AFPacketeth78 | 0
> decoder.ipv6_in_ipv6 | AFPacketeth78 | 0
> decoder.avg_pkt_size | AFPacketeth78 | 658
> decoder.max_pkt_size | AFPacketeth78 | 1514
> defrag.ipv4.fragments | AFPacketeth78 | 188
> defrag.ipv4.reassembled | AFPacketeth78 | 61
> defrag.ipv4.timeouts | AFPacketeth78 | 0
> defrag.ipv6.fragments | AFPacketeth78 | 0
> defrag.ipv6.reassembled | AFPacketeth78 | 0
> defrag.ipv6.timeouts | AFPacketeth78 | 0
> defrag.max_frag_hits | AFPacketeth78 | 0
> tcp.sessions | AFPacketeth78 | 213079
> tcp.ssn_memcap_drop | AFPacketeth78 | 0
> tcp.pseudo | AFPacketeth78 | 4311
> tcp.invalid_checksum | AFPacketeth78 | 0
> tcp.no_flow | AFPacketeth78 | 0
> tcp.reused_ssn | AFPacketeth78 | 10
> tcp.memuse | AFPacketeth78 | 1840000000
> tcp.syn | AFPacketeth78 | 448996
> tcp.synack | AFPacketeth78 | 425954
> tcp.rst | AFPacketeth78 | 44414
> tcp.segment_memcap_drop | AFPacketeth78 | 0
> tcp.stream_depth_reached | AFPacketeth78 | 1
> tcp.reassembly_memuse | AFPacketeth78 | 612577353
> tcp.reassembly_gap | AFPacketeth78 | 5901
> detect.alert | AFPacketeth78 | 60
>
> flow_mgr.closed_pruned | FlowManagerThread | 3249197
> flow_mgr.new_pruned | FlowManagerThread | 466734
> flow_mgr.est_pruned | FlowManagerThread | 787118
> flow.memuse | FlowManagerThread | 7433952
> flow.spare | FlowManagerThread | 11109
> flow.emerg_mode_entered | FlowManagerThread | 0
> flow.emerg_mode_over | FlowManagerThread | 0
>
>
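
The check discussed in this thread (do all af-packet capture threads drop, and are kernel drops still growing after startup?) as an added example that is not part of the original messages or of Suricata itself. It assumes each stats.log dump starts with a `Date:` line; the AFPacketeth71 thread, the dates and the first-dump values are constructed, and only the second-dump AFPacketeth78 numbers come from the quoted stats.

```python
"""Added example: per-thread kernel drop check over Suricata stats.log dumps."""

# Constructed sample of two dumps. Only the AFPacketeth78 values in the second
# dump are the ones quoted in the thread; the rest is made up for illustration.
SAMPLE = """\
Date: 3/24/2014 -- 11:00:00 (uptime: 0d, 00h 01m 00s)
capture.kernel_packets    | AFPacketeth71             | 500000
capture.kernel_drops      | AFPacketeth71             | 1000
capture.kernel_packets    | AFPacketeth78             | 600000
capture.kernel_drops      | AFPacketeth78             | 47434
Date: 3/24/2014 -- 11:30:00 (uptime: 0d, 00h 31m 00s)
capture.kernel_packets    | AFPacketeth71             | 40000000
capture.kernel_drops      | AFPacketeth71             | 2000000
capture.kernel_packets    | AFPacketeth78             | 39271544
capture.kernel_drops      | AFPacketeth78             | 47434
"""

def parse_dumps(text):
    """Return a list of dumps, each mapping (counter, thread) -> value."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):      # assumed marker for a new dump
            dumps.append({})
            continue
        parts = [p.strip() for p in line.split("|")]
        if dumps and len(parts) == 3 and parts[2].isdigit():
            dumps[-1][(parts[0], parts[1])] = int(parts[2])
    return dumps

def drop_report(text):
    """Per capture thread: overall drop % and drops added since the first dump."""
    dumps = parse_dumps(text)
    if not dumps:
        return {}
    first, last = dumps[0], dumps[-1]
    report = {}
    for (counter, thread), pkts in last.items():
        if counter != "capture.kernel_packets":
            continue
        drops = last.get(("capture.kernel_drops", thread), 0)
        before = first.get(("capture.kernel_drops", thread), 0)
        report[thread] = {
            "drop_pct": round(100.0 * drops / pkts, 3) if pkts else 0.0,
            "new_drops": drops - before,  # 0 means drops stopped growing
        }
    return report

if __name__ == "__main__":
    for thread, r in sorted(drop_report(SAMPLE).items()):
        state = "still dropping" if r["new_drops"] else "startup-only drops"
        print(f"{thread}: {r['drop_pct']}% dropped, +{r['new_drops']} ({state})")
```

A thread whose `new_drops` stays at 0 between dumps matches the startup-only pattern described in the quoted message; a cluster member whose count keeps growing is the one to look at when tuning.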