Feature #1374

closed

Write pre-aggregated counters for all threads

Added by Duane Howard over 7 years ago. Updated over 7 years ago.

Status: Closed
Priority: Normal

Description

Suricata writes many stats on a per thread basis, but lots of them would be nice to have in an aggregated format, specifically things like packets dropped.

Identifying high loss on a single thread might indicate something like a really large stream that's overwhelming a thread, but it's not indicative of poor overall performance of the system.

Identifying high packet loss or variations in packet loss for the system is sometimes more useful (ex: I made change X and overall packet loss went from an average of 3% to 7% over 24 hours). If global values of per-thread stats could be aggregated and written at each interval, that would make monitoring this easier (it could be done with external code to sum the packet loss and total packets across threads now...)
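
The external summing mentioned in the description, as an added example that is not part of the original ticket or of Suricata's code: it totals per-thread counters in each stats dump and derives a system-wide drop percentage per interval. It assumes the legacy text `stats.log` layout (`Counter | TM Name | Value`), cumulative counters named `capture.kernel_packets` and `capture.kernel_drops`, and uses constructed thread names and values.

```python
import re
from collections import defaultdict

# Constructed sample; layout assumed to match the legacy text stats.log.
SAMPLE = """\
-------------------------------------------------------------------
Date: 1/15/2015 -- 10:00:08 (uptime: 0d, 00h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 1000
capture.kernel_drops      | AFPacketeth01             | 10
capture.kernel_packets    | AFPacketeth02             | 3000
capture.kernel_drops      | AFPacketeth02             | 290
-------------------------------------------------------------------
Date: 1/15/2015 -- 10:00:16 (uptime: 0d, 00h 00m 16s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 2000
capture.kernel_drops      | AFPacketeth01             | 20
capture.kernel_packets    | AFPacketeth02             | 7000
capture.kernel_drops      | AFPacketeth02             | 610
"""

DATE_RE = re.compile(r"^Date:\s*(.+?)\s*\(uptime")
ROW_RE = re.compile(r"^([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def aggregate(text):
    """Return [(timestamp, {counter: sum over all threads})], one per dump."""
    dumps = []
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if m:
            dumps.append((m.group(1), defaultdict(int)))
        elif dumps and (r := ROW_RE.match(line)):
            dumps[-1][1][r.group(1)] += int(r.group(3))
    return dumps

def drop_rates(dumps, pkts="capture.kernel_packets", drops="capture.kernel_drops"):
    """Drop % per interval, from deltas of the cumulative global totals."""
    out, prev = [], {pkts: 0, drops: 0}
    for ts, totals in dumps:
        dp, dd = totals[pkts] - prev[pkts], totals[drops] - prev[drops]
        if dp < 0 or dd < 0:  # totals went backwards: engine was restarted
            dp, dd = totals[pkts], totals[drops]
        out.append((ts, round(100.0 * dd / dp, 2) if dp else 0.0))
        prev = totals
    return out
```

In the constructed sample, the second thread carries most of the loss, but the per-interval global figure is what shows whether the sensor as a whole is missing traffic.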

Actions #1

Updated by Victor Julien over 7 years ago

You might be interested in my Lua script here: https://github.com/inliniac/surilua

Actions #2

Updated by Victor Julien over 7 years ago

  • Status changed from New to Closed
  • Assignee set to Victor Julien
  • Target version set to 3.0RC1
  • % Done changed from 0 to 100