[Oisf-users] Suricata Bytes count

Jeremy A. Grove jgrove at quadrantsec.com
Wed Oct 9 15:16:29 UTC 2019


Hello World, 

I have a need to report on the number of bytes that Suricata has processed. When looking at the stats output, the only mention of bytes that I see is under 'decoder'. I also notice that the number of recorded kernel packets and the number of decoder packets are different. A few questions come from this.

Is it safe to assume that I do not have a total byte count for all traffic as the bytes seem to only be what has been processed by a decoder? 

Is there a way for me to find the total byte count? 

What explains the difference between the packets in kernel vs the packets in decoder? 

Was there a reason for the exclusion of the byte count in total? 

I have given example numbers below. 

"capture":{"kernel_packets":1698660511 
"decoder":{"pkts":1350997867,"bytes":1399677688201, 

Regards, 

Jeremy Grove, SSCP 
Security Engineer 
Quadrant Information Security 
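As an added illustration of how the counters in the post can be turned into a byte report (example code, not from the poster or the Suricata project): Suricata writes the same counters as a periodic `stats` event in eve.json, and the counters are cumulative since start, so the bytes processed in an interval are the difference between two consecutive records. The sample records are constructed; the first carries the figures from the post, the second is an invented later snapshot, and the `kernel_drops` field is the standard capture counter assumed present.

```python
import json

# Constructed eve.json lines: two 'stats' events (cumulative counters) and one
# unrelated event that the parser must skip. First record uses the post's numbers.
SAMPLE_EVE = """
{"timestamp":"2019-10-09T15:00:00.000000+0000","event_type":"stats","stats":{"uptime":3600,"capture":{"kernel_packets":1698660511,"kernel_drops":0},"decoder":{"pkts":1350997867,"bytes":1399677688201}}}
{"timestamp":"2019-10-09T15:00:08.000000+0000","event_type":"stats","stats":{"uptime":3608,"capture":{"kernel_packets":1698670511,"kernel_drops":0},"decoder":{"pkts":1351007867,"bytes":1399688048201}}}
{"timestamp":"2019-10-09T15:00:09.000000+0000","event_type":"alert","alert":{"signature":"constructed"}}
"""


def stats_records(lines):
    """Yield the 'stats' dict of each stats event; skip other events and malformed lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # a truncated or partially written line must not abort the report
        if ev.get("event_type") == "stats":
            yield ev["stats"]


def summarize(lines):
    """Report decoder bytes and the kernel-vs-decoder packet gap from the latest record,
    plus the bytes decoded in the last interval when two records are available."""
    recs = list(stats_records(lines))
    if not recs:
        return None
    latest = recs[-1]
    kernel = latest["capture"]["kernel_packets"]
    dec_pkts = latest["decoder"]["pkts"]
    dec_bytes = latest["decoder"]["bytes"]
    out = {
        "decoder_bytes_total": dec_bytes,
        "kernel_packets": kernel,
        "kernel_drops": latest["capture"].get("kernel_drops", 0),
        "decoder_pkts": dec_pkts,
        "kernel_minus_decoder_pkts": kernel - dec_pkts,
        "decoder_share_pct": round(100.0 * dec_pkts / kernel, 2) if kernel else 0.0,
    }
    if len(recs) >= 2:  # counters are cumulative: interval value is the delta
        out["bytes_in_last_interval"] = dec_bytes - recs[-2]["decoder"]["bytes"]
    return out


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_EVE.splitlines()), indent=2))
```

Reading a live file is the same call with `open("/var/log/suricata/eve.json")` in place of the sample lines.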


