Project

General

Profile

Actions
Copy link

Bug #1390

closed

suricatasc return empty iface-stat.pkts in IPS nfqueue mode

Added by Christophe Nowicki almost 10 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Low
Assignee:
Community Ticket
Target version:
TBD
Affected Versions:
Effort:
Difficulty:
Label:

Description

Hi,

I'am running suricata in IPS mode with nfqueue on GNU/Linux, I'am trying to get some counters
in order to draw nice graph with munin, but suricatasc return empty iface-stat.pkts :

[code]
  1. PYTHONPATH=/usr/lib/python2.7/site-packages suricatasc
    Command list: shutdown, command-list, help, version, uptime, running-mode, capture-mode, conf-get, dump-counters, iface-stat, iface-list, quit

version

Success:
"2.0.6 RELEASE"

iface-list

Success: {
"count": 2,
"ifaces": [
"0",
"1"
]
}

iface-stat 0

Success: {
"drop": 0,
"invalid-checksums": 0,
"pkts": 0
}
[/code]
Suricata is processing packets and working but pkts value is not updated.

[code]
  1. cat /proc/net/netfilter/nfnetlink_queue
    0 15214 0 2 65531 0 0 97427 1
    [/code]

...

[code]
  1. cat /proc/net/netfilter/nfnetlink_queue
    0 15214 0 2 65531 0 0 101646 1
    [/code]

Packet are processed because the packet id of last packet is updated.

I'am running Suricata STABLE on Debian GNU/Linux :

[code]
  1. suricata --build-info
    This is Suricata version 2.0.6 RELEASE
    Features: NFQ PCAP_SET_BUFF LIBPCAP_VERSION_MAJOR=1 AF_PACKET HAVE_PACKET_FANOUT LIBCAP_NG LIBNET1.1 HAVE_HTP_URI_NORMALIZE_HOOK PCRE_JIT HAVE_NSS HAVE_LUA HAVE_LUAJIT HAVE_LIBJANSSON
    SIMD support: SSE_3
    Atomic intrisics: 1 2 4 8 byte(s)
    32-bits, Little-endian architecture
    GCC version 4.7.2, C version 199901
    compiled with -fstack-protector
    compiled with _FORTIFY_SOURCE=2
    L1 cache line size (CLS)=64
    compiled with LibHTP v0.5.16, linked against LibHTP v0.5.16
    Suricata Configuration:
    AF_PACKET support: yes
    PF_RING support: no
    NFQueue support: yes
    NFLOG support: no
    IPFW support: no
    DAG enabled: no
    Napatech enabled: no
    Unix socket enabled: yes
    Detection enabled: yes
libnss support:                          yes
  libnspr support:                         yes
  libjansson support:                      yes
  Prelude support:                         no
  PCRE jit:                                yes
  LUA support:                             yes
  libluajit:                               yes
  libgeoip:                                yes
  Non-bundled htp:                         no
  Old barnyard2 support:                   no
  CUDA enabled:                            no
Suricatasc install:                      yes
Unit tests enabled:                      no
  Debug output enabled:                    no
  Debug validation enabled:                no
  Profiling enabled:                       no
  Profiling locks enabled:                 no
  Coccinelle / spatch:                     no

Generic build parameters:
Installation prefix (--prefix): /usr
Configuration directory (--sysconfdir): /etc/suricata/
Log directory (--localstatedir) : /var/log/suricata/

Host:                                    i686-pc-linux-gnu
  GCC binary:                              gcc
  GCC Protect enabled:                     yes
  GCC march native enabled:                yes
  GCC Profile enabled:                     no
[/code]

Best Regards,

Actions
Copy link

Also available in: Atom PDF