[Oisf-users] problem with suricata3 stats logs

erik clark philosnef at gmail.com
Wed Nov 16 18:55:45 UTC 2016


No. Previously this was in stats.log. Right now I have zero ways of telling
if pf_ring or af_packet is being properly used. :)

https://home.regit.org/2012/07/suricata-to-10gbps-and-beyond/


capture.kernel_packets    | AFPacketeth315            | 1436331302
capture.kernel_drops      | AFPacketeth315            | 0
capture.kernel_packets    | AFPacketeth316            | 1449320230
capture.kernel_drops      | AFPacketeth316            | 0


On Wed, Nov 16, 2016 at 1:51 PM, Andreas Moe <moe.andreas at gmail.com> wrote:

> Shouldn't suricata logging (suricata.log if enabled, and not sure of what
> verbose level needed) indicate what acquisition method is used?
>
> On Wed, Nov 16, 2016, 19:45, erik clark <philosnef at gmail.com> wrote:
>
>> Ok, so I can't tell if either pfring or afpacket is actually being used
>> by suricata. Previous versions of suricata had AFPacket in the stats.log
>> indicating one or the other is loaded. Now, all it says:
>>
>> (stat) | W#12-em3 | (value)
>>
>> How can I tell that either afpacket or pfring is _actually_ being used as
>> expected, when nothing in the stats.log file indicates that this is the
>> case? Thanks!