Suricata

Suricata writes many stats on a per thread basis, but lots of them would be nice to have in an aggregated format, specifically things like packets dropped.

Identifying high loss on a single thread might indicate something like a really large stream that's overwhelming a thread, but it's not indicative of poor overall performance of the system.

Identifying high packet loss or variations in packet loss for the system is sometimes more useful (ex: I made change X and overall packet loss went from an average of 3% to 7% over 24 hours) If global values of per thread stats could be aggregated and written at each interval that would make monitoring this easier (it could be done with external code to sum the packet loss and total packet across threads now...)