Bug #757
alert stats on exit
Status: Closed
Priority: Normal
Assignee: -
Target version: -
Description
On exit we get the following:
[6717] 24/2/2013 -- 22:49:05 - (suricata.c:2025) <Info> (main) -- Signal Received. Stopping engine.
[6737] 24/2/2013 -- 22:49:06 - (flow-manager.c:558) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state
^C^C[6717] 24/2/2013 -- 22:49:34 - (suricata.c:2061) <Info> (main) -- time elapsed 878.634s
[6719] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth31) Kernel: Packets 71316072, dropped 51318882
[6719] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth31) Packets 19697117, bytes 19255548226
[6719] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 13417077 TCP packets
[6719] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6719] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 4433 requests
[6719] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 905 requests
[6721] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth32) Kernel: Packets 66771831, dropped 42394394
[6721] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth32) Packets 24077364, bytes 22741543699
[6721] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9470835 TCP packets
[6721] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6721] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 16 requests
[6721] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 2 requests
[6722] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth33) Kernel: Packets 67086776, dropped 42902076
[6722] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth33) Packets 23884627, bytes 23164737775
[6722] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9285094 TCP packets
[6722] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6722] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 11 requests
[6722] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 7 requests
[6723] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth34) Kernel: Packets 65349782, dropped 40874913
[6723] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth34) Packets 24174795, bytes 22909649612
[6723] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9250112 TCP packets
[6723] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6723] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 18 requests
[6723] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 10 requests
[6724] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth35) Kernel: Packets 70335392, dropped 46387805
[6724] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth35) Packets 23647514, bytes 23281670833
[6724] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 8698399 TCP packets
[6724] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6724] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 18 requests
[6724] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 5 requests
[6725] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth36) Kernel: Packets 72708549, dropped 48646128
[6725] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth36) Packets 23762347, bytes 23618239776
[6725] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9205022 TCP packets
[6725] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6725] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 16 requests
[6725] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 9 requests
[6726] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth37) Kernel: Packets 66298298, dropped 42257931
[6726] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth37) Packets 23740293, bytes 22766699728
[6726] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9217685 TCP packets
[6726] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6726] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 11 requests
[6726] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6727] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth38) Kernel: Packets 68226067, dropped 44059654
[6727] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth38) Packets 23866340, bytes 22684731471
[6727] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9422351 TCP packets
[6727] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6727] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6727] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 5 requests
[6728] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth39) Kernel: Packets 64159591, dropped 39720206
[6728] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth39) Packets 24139311, bytes 22711997572
[6728] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9483907 TCP packets
[6728] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6728] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6728] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 6 requests
[6730] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth310) Kernel: Packets 66913874, dropped 42104007
[6730] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth310) Packets 24509793, bytes 23425684056
[6730] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9018186 TCP packets
[6730] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6730] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6730] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 2 requests
[6731] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth311) Kernel: Packets 67625443, dropped 42732837
[6731] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth311) Packets 24592533, bytes 23699355191
[6731] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9016955 TCP packets
[6731] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6731] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 14 requests
[6731] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 6 requests
[6732] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth312) Kernel: Packets 70233953, dropped 46699248
[6732] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth312) Packets 23234632, bytes 22610273222
[6732] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9042239 TCP packets
[6732] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6732] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 17 requests
[6732] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 9 requests
[6733] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth313) Kernel: Packets 68229108, dropped 44047634
[6733] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth313) Packets 23881401, bytes 23099867563
[6733] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9398418 TCP packets
[6733] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6733] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 19 requests
[6733] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6734] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth314) Kernel: Packets 69196467, dropped 44387297
[6734] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth314) Packets 24509096, bytes 24042953749
[6734] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9159856 TCP packets
[6734] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6734] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6734] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 3 requests
[6735] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth315) Kernel: Packets 65289000, dropped 40587228
[6735] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth315) Packets 24401699, bytes 22306283405
[6735] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9704854 TCP packets
[6735] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6735] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 14 requests
[6735] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6736] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth316) Kernel: Packets 66511810, dropped 41832973
[6736] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth316) Packets 24378764, bytes 22899418425
[6736] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9466590 TCP packets
[6736] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6736] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 19 requests
[6736] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 3 requests
^C[6717] 24/2/2013 -- 22:49:38 - (host.c:244) <Info> (HostPrintStats) -- host memory usage: 349376 bytes, maximum: 16777216
[6717] 24/2/2013 -- 22:49:38 - (util-profiling-rules.c:299) <Info> (SCProfilingRuleDump) -- Dumping profiling data for 6555 rules.
[6717] 24/2/2013 -- 22:49:38 - (util-profiling-rules.c:416) <Info> (SCProfilingRuleDump) -- Done dumping profiling data.
[6717] 24/2/2013 -- 22:49:38 - (detect.c:3981) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete
[6717] 24/2/2013 -- 22:49:38 - (util-profiling.c:275) <Info> (SCProfilingDump) -- Done dumping profiling data
Notice how
Fast log output wrote 2305 alerts
is the same for every thread but the other stats are not.
I think it could be beneficial if "alerts output" is on a per detect thread as well - maybe take it directly from the "detect.alert" from stats.log?
thanks
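An added example, not part of the original report and not Suricata code: a parser for exit-stat lines in the format shown above that computes each AF_PACKET thread's kernel drop ratio and checks whether every thread reports the same fast-log alert count. The sample lines and function names are constructed, and treating identical per-thread counts as one shared counter is an assumption.

```python
import re

# Constructed sample in the format of the exit log above (ids and counts made up).
SAMPLE = """\
[101] 1/1/2013 -- 00:00:01 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth01) Kernel: Packets 1000, dropped 250
[101] 1/1/2013 -- 00:00:01 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth01) Packets 750, bytes 90000
[101] 1/1/2013 -- 00:00:01 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 42 alerts
[102] 1/1/2013 -- 00:00:01 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth02) Kernel: Packets 2000, dropped 1000
[102] 1/1/2013 -- 00:00:01 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 42 alerts
"""

# [thread id] ... <level> (function) -- message
LINE = re.compile(r"\[(\d+)\] .*? <\w+> \((\w+)\) -- (.*)$")
KERNEL = re.compile(r"\((\w+)\) Kernel: Packets (\d+), dropped (\d+)")
FASTLOG = re.compile(r"Fast log output wrote (\d+) alerts")

def parse_exit_stats(text):
    """Group exit-stat lines by the thread id in the leading [..] field."""
    threads = {}
    for raw in text.splitlines():
        m = LINE.search(raw.strip())
        if not m:
            continue  # blank lines or anything not in the log format
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        entry = threads.setdefault(tid, {})
        if func == "ReceiveAFPThreadExitStats" and (k := KERNEL.search(msg)):
            entry.update(name=k.group(1), kernel=int(k.group(2)), dropped=int(k.group(3)))
        elif func == "AlertFastLogExitPrintStats" and (a := FASTLOG.search(msg)):
            entry["alerts"] = int(a.group(1))
    return threads

def drop_ratio(threads):
    """Fraction of kernel-seen packets dropped, per capture thread."""
    return {t: s["dropped"] / s["kernel"] for t, s in threads.items() if s.get("kernel")}

def alert_total(threads):
    """Return (total, shared). Identical values on every thread are treated as
    one shared counter (an assumption) and counted once, not summed."""
    counts = [s["alerts"] for s in threads.values() if "alerts" in s]
    shared = len(counts) > 1 and len(set(counts)) == 1
    return (counts[0] if shared else sum(counts)), shared

if __name__ == "__main__":
    stats = parse_exit_stats(SAMPLE)
    for tid, ratio in drop_ratio(stats).items():
        print(f"thread {tid} ({stats[tid]['name']}): {ratio:.1%} dropped")
    print("alerts: %d (shared counter: %s)" % alert_total(stats))
```
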
Updated by Victor Julien about 11 years ago
- Tracker changed from Optimization to Bug
- Subject changed from aler stats on exit to alert stats on exit
I actually think we should just print one number, the number of alerts all threads logged combined. Output like the above is way too cluttered.
Updated by Victor Julien over 6 years ago
- Status changed from New to Closed
- Assignee deleted (OISF Dev)
- Target version deleted (TBD)
Implemented in 4.0.
[61112] 19/10/2017 -- 08:03:19 - (counters.c:821) <Info> (StatsLogSummary) -- Alerts: 4489