Project

General

Profile

Actions
Copy link

Feature #4840

open

stats: distinguish between observational stats and performance stats

Added by Victor Julien about 4 years ago. Updated 17 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Stats are currently a mix of observations, like packet counts or flow counts and stats meant to give insights into how suricata is doing internally. Best example of the latter is the flow.mgr.* set of stats. To avoid confusion we may want to somehow split this or at least make it clearer that these are different classes of info.

As an example: the flow.tcp and flow.udp count the number of tcp flows and udp flows, but comparing these with flow.mgr.flows_checked makes little sense, as the latter is just an indication of how busy the flow manager is keeping itself. A flow may be checked multiple times by the flow manager.

Related issues 1 (1 open0 closed)

Related to Suricata - Task #8123: Suricon 2025 BrainstormAssignedVictor JulienActions
Actions
Copy link
 #1

Updated by Philippe Antoine over 1 year ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 17 days ago

  • Related to Task #8123: Suricon 2025 Brainstorm added
Actions
Copy link
 #3

Updated by Juliana Fajardini Reichow 17 days ago

Was brought up during one Q&A session, about the exception policy stats, actually.

Actions
Copy link

Also available in: Atom PDF