[Oisf-users] Don't need no stinking logs

James Moe jimoe at sohnen-moe.com
Wed Nov 7 18:12:21 UTC 2018 

On 11/6/18 11:12 AM, Michał Purzyński wrote:

> ethtool -S <your interface name>
> 
$ sudo ethtool -S eth0
NIC statistics:
     tx_packets: 73581123
     rx_packets: 81237404
     tx_errors: 0
     rx_errors: 0
     rx_missed: 1480
     align_errors: 0
     tx_single_collisions: 0
     tx_multi_collisions: 0
     unicast: 79851134
     broadcast: 503636
     multicast: 882634
     tx_aborted: 0
     tx_underrun: 0


> Go ahead and enable the stats.log - either in form of a text file or a
> JSON, up to you.
> 
Counter                        | TM Name | Value
------------------------------------------------------
decoder.pkts                   | Total   | 1822174
decoder.bytes                  | Total   | 946330414
decoder.ipv4                   | Total   | 1822174
decoder.ipv6                   | Total   | 7
decoder.tcp                    | Total   | 1765618
decoder.udp                    | Total   | 53782
decoder.icmpv4                 | Total   | 1535
decoder.teredo                 | Total   | 7
decoder.avg_pkt_size           | Total   | 519
decoder.max_pkt_size           | Total   | 49315
flow.tcp                       | Total   | 6044
flow.udp                       | Total   | 16239
flow.icmpv4                    | Total   | 29
decoder.ipv4.opt_pad_required  | Total   | 1062
tcp.sessions                   | Total   | 4948
tcp.syn                        | Total   | 10811
tcp.synack                     | Total   | 10811
tcp.rst                        | Total   | 10591
tcp.stream_depth_reached       | Total   | 14
tcp.overlap                    | Total   | 110582
detect.alert                   | Total   | 24
app_layer.flow.http            | Total   | 687
app_layer.tx.http              | Total   | 710
app_layer.flow.smtp            | Total   | 462
app_layer.tx.smtp              | Total   | 533
app_layer.flow.tls             | Total   | 1725
app_layer.flow.imap            | Total   | 37
app_layer.flow.dns_tcp         | Total   | 57
app_layer.tx.dns_tcp           | Total   | 114
app_layer.flow.failed_tcp      | Total   | 17
app_layer.flow.dns_udp         | Total   | 14284
app_layer.tx.dns_udp           | Total   | 43847
app_layer.flow.failed_udp      | Total   | 1955
ips.accepted                   | Total   | 1825079
ips.blocked                    | Total   | 1949
flow_mgr.closed_pruned         | Total   | 4730
flow_mgr.new_pruned            | Total   | 2841
flow_mgr.est_pruned            | Total   | 14419
flow.spare                     | Total   | 10000
flow.tcp_reuse                 | Total   | 619
flow_mgr.flows_checked         | Total   | 1
flow_mgr.flows_notimeout       | Total   | 1
flow_mgr.rows_checked          | Total   | 65536
flow_mgr.rows_skipped          | Total   | 65535
flow_mgr.rows_maxlen           | Total   | 1
tcp.memuse                     | Total   | 2293760
tcp.reassembly_memuse          | Total   | 743424
flow.memuse                    | Total   | 7332192


-- 
James Moe
moe dot james at sohnen-moe dot com
520.743.3936
Think.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20181107/6b06e43b/attachment.sig>

More information about the Oisf-users mailing list