[Oisf-users] Description of Suricata Statistics

Charles DeVoe scarecrow_57 at yahoo.com
Wed Nov 16 13:02:26 UTC 2016

When I say examine the settings in the YAML file I am considering taking these values, and based on what I know about how the sensor is running, I could find places for improvement.  For example, I am seeing high cpu utilization and notice I am only using 4 out of 16 possible threads.  That should lower the score.  That however, is a long ways away.

      From: Andreas Herz <andi at geekosphere.org>
 To: oisf-users at lists.openinfosecfoundation.org 
 Sent: Tuesday, November 15, 2016 5:33 PM
 Subject: Re: [Oisf-users] Description of Suricata Statistics
On 15/11/16 at 17:21, Charles DeVoe wrote:
> Next, in the Suricata stats file there are many counters/values.  Some
> of them are intuitively obvious as to what they are (almost).  Is
> there someplace where there is a description of what all of these
> values are measuring and how they are measured? 

In the code :) But yes we might want to add a description to the docs as

> I have an environment with 150 sensors all measuring 150 unique
> networks all with different hardware.  My objective is to create an
> application or script that will examine these values to give me a
> score on how well the sensor is performing.  I intend to include CPU,
> Memory, and Network utilization as well as examine the settings in the
> YAML file.

I'm not sure what you mean with "examine the settings in the YAML file",
could you explain what you're thinking about?

Andreas Herz
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Suricata User Conference November 9-11 in Washington, DC: http://suricon.net

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20161116/3d8ecf01/attachment-0002.html>

More information about the Oisf-users mailing list