Feature #318
closedprint statistics on signal
Description
I have a problem with suricata 1.0.3 when I want to know at what packets rate suricata's IDS starts to drop packets. Now I can do it only by killing suricata, so if I want to perform one more test I have to wait about 5 mins while suricata restarts. Logging statistics to syslog is not so good because user can setup a syslog not to log low-priority messages (or maybe not to log them at all), but want to see a complete statistics issuing some command.
Is it possible to at least to print statisrics to a file on some signal, say SIGUSR1?
Updated by Victor Julien over 12 years ago
- Status changed from New to Assigned
- Assignee set to Anoop Saldanha
- Target version set to 1.2beta1
- Estimated time set to 3.00 h
A signal triggered pkt drop report would be one way. Another would be to expose the drop stats to our interval based stats.log. That would require some changes to the counter API I think, but would be useful.
Anoop, can you think of a way for the packet acquisition modules to register a function that allows us to expose drop stats to the stats.log? Thread safety is an important factor here.
Updated by Anoop Saldanha over 12 years ago
Actually having a function that can be registered by a pkt capture module to receive stats would be nice, but wondering design wise where's the best place to put it?
With that, putting these stats in our counters API should be cool. The ptv will hold the counter ids and it holds the pkt capture iface handle, so it looks good.
Updated by Victor Julien over 12 years ago
- Target version changed from 1.2beta1 to 1.3beta2
Updated by Victor Julien almost 12 years ago
- Target version changed from 1.3beta2 to TBD
Updated by Victor Julien about 11 years ago
- Status changed from Assigned to Closed
- Target version deleted (
TBD)
Drop stats for pcap, af_packet, pf_ring are now part of normal counters in stats.log. Considering this to be resolved.