[Oisf-users] Description of Suricata Statistics
Charles DeVoe
scarecrow_57 at yahoo.com
Wed Nov 16 13:02:26 UTC 2016
When I say examine the settings in the YAML file I am considering taking these values, and based on what I know about how the sensor is running, I could find places for improvement. For example, I am seeing high CPU utilization and notice I am only using 4 out of 16 possible threads. That should lower the score. That, however, is a long ways away.
From: Andreas Herz <andi at geekosphere.org>
To: oisf-users at lists.openinfosecfoundation.org
Sent: Tuesday, November 15, 2016 5:33 PM
Subject: Re: [Oisf-users] Description of Suricata Statistics
On 15/11/16 at 17:21, Charles DeVoe wrote:
> Next, in the Suricata stats file there are many counters/values. Some
> of them are intuitively obvious as to what they are (almost). Is
> there someplace where there is a description of what all of these
> values are measuring and how they are measured?
In the code :) But yes we might want to add a description to the docs as
well.
> I have an environment with 150 sensors all measuring 150 unique
> networks all with different hardware. My objective is to create an
> application or script that will examine these values to give me a
> score on how well the sensor is performing. I intend to include CPU,
> Memory, and Network utilization as well as examine the settings in the
> YAML file.
I'm not sure what you mean with "examine the settings in the YAML file",
could you explain what you're thinking about?
--
Andreas Herz
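
A sketch of the kind of scoring script discussed in this thread, added here as an example (it is not code from either poster or from the Suricata project). It reads the `capture.kernel_packets` and `capture.kernel_drops` counters from an EVE `stats` record; the weights, the 80% CPU threshold, the function names, and passing CPU and thread figures in as arguments instead of reading them from the YAML are all assumptions.

```python
import json

# Constructed sample EVE log (values are made up); the last line is truncated
# on purpose, as happens when a log is read mid-write or during rotation.
SAMPLE_EVE = """\
{"timestamp":"2016-11-16T13:00:00.000000+0000","event_type":"stats","stats":{"uptime":3600,"capture":{"kernel_packets":1000000,"kernel_drops":50000}}}
{"timestamp":"2016-11-16T13:00:01.000000+0000","event_type":"alert","alert":{"signature_id":1}}
{"timestamp":"2016-11-16T13:00:08.000000+0000","event_type":"stats","stats":{"capt
"""


def latest_stats(eve_text):
    """Return the 'stats' object of the last parseable stats event, or None."""
    latest = None
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            continue  # skip truncated or corrupt lines
        if event.get("event_type") == "stats" and "stats" in event:
            latest = event["stats"]
    return latest


def drop_rate(stats):
    """Fraction of packets the capture layer reported as dropped."""
    capture = stats.get("capture", {})
    packets = capture.get("kernel_packets", 0)
    drops = capture.get("kernel_drops", 0)
    return drops / packets if packets > 0 else 0.0


def score_sensor(stats, cpu_util, threads_used, threads_available):
    """Score 0-100. The weights below are assumptions, not Suricata guidance."""
    score = 100.0
    # Assumed weight: each 1% of dropped packets costs 10 points, capped at 60.
    score -= min(60.0, drop_rate(stats) * 1000)
    # Assumed rule: busy CPU while worker threads sit unused lowers the score.
    if cpu_util > 0.8 and 0 < threads_used < threads_available:
        score -= 30 * (1 - threads_used / threads_available)
    return max(0.0, round(score, 1))


if __name__ == "__main__":
    print(score_sensor(latest_stats(SAMPLE_EVE), 0.9, 4, 16))
```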