[Oisf-users] (no subject)
Peter Manev
petermanev at gmail.com
Mon Mar 24 12:23:12 UTC 2014
On Mon, Mar 24, 2014 at 12:23 PM, Travel Factory S.r.l.
<mc8647 at mclink.it> wrote:
>
>> You can check stats.log for more clues.
>>
>
>
> I post the stats for one core and for flow. Please note that
> capture.kernel_drops increases during suricata startup and then increases no
> more.
> I see nothing strange in it but I'm not an expert...
>
Sorry, I sent the previous e-mail too fast :)
You have:
tcp.reassembly_gap | AFPacketeth78 | 5901
which can be the reason for your packet drops.
From what you have posted and described in the mail (stats.log) - the
packet loss is minimal and maybe justified (reassembly gaps).
I am not sure what it is that you are trying to solve/achieve .... - 0
packet drops?
>
> capture.kernel_packets | AFPacketeth78 | 39271544
> capture.kernel_drops | AFPacketeth78 | 47434
> decoder.pkts | AFPacketeth78 | 39224023
> decoder.bytes | AFPacketeth78 | 25794797258
> decoder.ipv4 | AFPacketeth78 | 39220226
> decoder.ipv6 | AFPacketeth78 | 4216
> decoder.ethernet | AFPacketeth78 | 39224023
> decoder.raw | AFPacketeth78 | 0
> decoder.sll | AFPacketeth78 | 0
> decoder.tcp | AFPacketeth78 | 38709446
> decoder.udp | AFPacketeth78 | 468016
> decoder.sctp | AFPacketeth78 | 0
> decoder.icmpv4 | AFPacketeth78 | 21664
> decoder.icmpv6 | AFPacketeth78 | 2168
> decoder.ppp | AFPacketeth78 | 0
> decoder.pppoe | AFPacketeth78 | 0
> decoder.gre | AFPacketeth78 | 0
> decoder.vlan | AFPacketeth78 | 0
> decoder.teredo | AFPacketeth78 | 374
> decoder.ipv4_in_ipv6 | AFPacketeth78 | 0
> decoder.ipv6_in_ipv6 | AFPacketeth78 | 0
> decoder.avg_pkt_size | AFPacketeth78 | 658
> decoder.max_pkt_size | AFPacketeth78 | 1514
> defrag.ipv4.fragments | AFPacketeth78 | 188
> defrag.ipv4.reassembled | AFPacketeth78 | 61
> defrag.ipv4.timeouts | AFPacketeth78 | 0
> defrag.ipv6.fragments | AFPacketeth78 | 0
> defrag.ipv6.reassembled | AFPacketeth78 | 0
> defrag.ipv6.timeouts | AFPacketeth78 | 0
> defrag.max_frag_hits | AFPacketeth78 | 0
> tcp.sessions | AFPacketeth78 | 213079
> tcp.ssn_memcap_drop | AFPacketeth78 | 0
> tcp.pseudo | AFPacketeth78 | 4311
> tcp.invalid_checksum | AFPacketeth78 | 0
> tcp.no_flow | AFPacketeth78 | 0
> tcp.reused_ssn | AFPacketeth78 | 10
> tcp.memuse | AFPacketeth78 | 1840000000
> tcp.syn | AFPacketeth78 | 448996
> tcp.synack | AFPacketeth78 | 425954
> tcp.rst | AFPacketeth78 | 44414
> tcp.segment_memcap_drop | AFPacketeth78 | 0
> tcp.stream_depth_reached | AFPacketeth78 | 1
> tcp.reassembly_memuse | AFPacketeth78 | 612577353
> tcp.reassembly_gap | AFPacketeth78 | 5901
> detect.alert | AFPacketeth78 | 60
>
> flow_mgr.closed_pruned | FlowManagerThread | 3249197
> flow_mgr.new_pruned | FlowManagerThread | 466734
> flow_mgr.est_pruned | FlowManagerThread | 787118
> flow.memuse | FlowManagerThread | 7433952
> flow.spare | FlowManagerThread | 11109
> flow.emerg_mode_entered | FlowManagerThread | 0
> flow.emerg_mode_over | FlowManagerThread | 0
>
>
>
--
Regards,
Peter Manev
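
An added example, not part of the original message and not Suricata's own code: a small parser for the `counter | thread | value` lines quoted above that puts capture.kernel_drops and tcp.reassembly_gap in proportion to traffic and lists any memcap or emergency-mode counters that are non-zero. The sample lines are copied from the quoted excerpt; the 1% drop threshold and all function names are assumptions.

```python
import re

# Constructed sample: a few counters copied from the stats.log excerpt quoted above.
SAMPLE = """\
capture.kernel_packets | AFPacketeth78 | 39271544
capture.kernel_drops | AFPacketeth78 | 47434
tcp.sessions | AFPacketeth78 | 213079
tcp.ssn_memcap_drop | AFPacketeth78 | 0
tcp.segment_memcap_drop | AFPacketeth78 | 0
tcp.reassembly_gap | AFPacketeth78 | 5901
flow.emerg_mode_entered | FlowManagerThread | 0
"""

# Accepts raw stats.log lines and mail-quoted ("> ") ones; headers and dates do not match.
LINE = re.compile(r"^\s*(?:>\s*)*([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def parse_stats(text):
    """Return {thread: {counter: value}}. Later lines overwrite earlier ones,
    so a whole stats.log yields the most recent dump per thread."""
    stats = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            counter, thread, value = m.groups()
            stats.setdefault(thread, {})[counter] = int(value)
    return stats

PRESSURE = ("tcp.ssn_memcap_drop", "tcp.segment_memcap_drop", "flow.emerg_mode_entered")

def summarize(counters, max_drop_pct=1.0):
    """max_drop_pct is an assumed alerting threshold, not a Suricata default."""
    pkts = counters.get("capture.kernel_packets", 0)
    drops = counters.get("capture.kernel_drops", 0)
    sessions = counters.get("tcp.sessions", 0)
    gaps = counters.get("tcp.reassembly_gap", 0)
    drop_pct = 100.0 * drops / pkts if pkts else 0.0
    return {
        "drop_pct": drop_pct,
        "drop_ok": drop_pct <= max_drop_pct,
        "gaps_per_1k_sessions": 1000.0 * gaps / sessions if sessions else 0.0,
        # Non-zero values here mean a memcap was hit or flow emergency mode was entered.
        "pressure": sorted(k for k in PRESSURE if counters.get(k, 0) > 0),
    }

if __name__ == "__main__":
    for thread, c in parse_stats(SAMPLE).items():
        print(thread, summarize(c))
```

Because the counters are cumulative since startup, comparing two dumps taken some minutes apart shows whether drops are still growing or happened only during startup.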