Write pre-aggregated counters for all threads
Suricata writes many stats on a per thread basis, but lots of them would be nice to have in an aggregated format, specifically things like packets dropped.
Identifying high loss on a single thread might indicate something like a really large stream that's overwhelming a thread, but it's not indicative of poor overall performance of the system.
Identifying high packet loss or variations in packet loss for the system is sometimes more useful (ex: I made change X and overall packet loss went from an average of 3% to 7% over 24 hours). If global values of per-thread stats could be aggregated and written at each interval, that would make monitoring this easier (it could be done with external code to sum the packet loss and total packets across threads now...)
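The external summing mentioned in the description, as an added example (not code from this ticket, the reporter, or the Suricata project). It assumes the per-thread `Counter | TM Name | Value` layout of `stats.log` and cumulative `capture.kernel_packets` / `capture.kernel_drops` counters; the sample log, thread names and values are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: two intervals, two capture threads, cumulative counters.
SAMPLE = """\
-------------------------------------------------------------------
Date: 1/15/2014 -- 10:00:08 (uptime: 0d, 00h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 1000
capture.kernel_drops      | AFPacketeth01             | 10
capture.kernel_packets    | AFPacketeth02             | 3000
capture.kernel_drops      | AFPacketeth02             | 390
-------------------------------------------------------------------
Date: 1/15/2014 -- 10:00:16 (uptime: 0d, 00h 00m 16s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 2000
capture.kernel_drops      | AFPacketeth01             | 20
capture.kernel_packets    | AFPacketeth02             | 7000
capture.kernel_drops      | AFPacketeth02             | 730
"""

ROW = re.compile(r"^(\S+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")   # counter | thread | value
DATE = re.compile(r"^Date:\s*(.+?)\s*\(uptime")             # start of an interval

def aggregate(text):
    """Return [(date, {counter: sum over all threads})], one entry per interval."""
    intervals = []
    for line in text.splitlines():
        m = DATE.match(line)
        if m:
            intervals.append((m.group(1), defaultdict(int)))
            continue
        m = ROW.match(line)          # header and separator lines do not match
        if m and intervals:
            counter, _thread, value = m.groups()
            intervals[-1][1][counter] += int(value)
    return [(date, dict(totals)) for date, totals in intervals]

def interval_loss(intervals, pkts="capture.kernel_packets", drops="capture.kernel_drops"):
    """System-wide percent dropped per interval, from deltas of the summed counters."""
    out = []
    for (_, prev), (date, cur) in zip(intervals, intervals[1:]):
        dp = cur.get(pkts, 0) - prev.get(pkts, 0)
        dd = cur.get(drops, 0) - prev.get(drops, 0)
        # dp <= 0: no traffic, or counters reset by a restart; report None
        out.append((date, round(100.0 * dd / dp, 2) if dp > 0 else None))
    return out
```

Loss here is drops divided by kernel packets for the interval; adjust the ratio if the capture method in use counts dropped packets separately from received ones.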
Updated by Victor Julien over 8 years ago
You might be interested in my Lua script here: https://github.com/inliniac/surilua
Updated by Victor Julien about 8 years ago
- Status changed from New to Closed
- Assignee set to Victor Julien
- Target version set to 3.0RC1
- % Done changed from 0 to 100