Bug #757

closed

alert stats on exit

Added by Peter Manev about 11 years ago. Updated over 6 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -

Description

On exit we get the following:

[6717] 24/2/2013 -- 22:49:05 - (suricata.c:2025) <Info> (main) -- Signal Received.  Stopping engine.
[6737] 24/2/2013 -- 22:49:06 - (flow-manager.c:558) <Info> (FlowManagerThread) -- 0 new flows, 0 established flows were timed out, 0 flows in closed state

^C^C[6717] 24/2/2013 -- 22:49:34 - (suricata.c:2061) <Info> (main) -- time elapsed 878.634s
[6719] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth31) Kernel: Packets 71316072, dropped 51318882
[6719] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth31) Packets 19697117, bytes 19255548226
[6719] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 13417077 TCP packets
[6719] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6719] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 4433 requests
[6719] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 905 requests
[6721] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth32) Kernel: Packets 66771831, dropped 42394394
[6721] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth32) Packets 24077364, bytes 22741543699
[6721] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9470835 TCP packets
[6721] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6721] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 16 requests
[6721] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 2 requests
[6722] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth33) Kernel: Packets 67086776, dropped 42902076
[6722] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth33) Packets 23884627, bytes 23164737775
[6722] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9285094 TCP packets
[6722] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6722] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 11 requests
[6722] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 7 requests
[6723] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth34) Kernel: Packets 65349782, dropped 40874913
[6723] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth34) Packets 24174795, bytes 22909649612
[6723] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9250112 TCP packets
[6723] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6723] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 18 requests
[6723] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 10 requests
[6724] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth35) Kernel: Packets 70335392, dropped 46387805
[6724] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth35) Packets 23647514, bytes 23281670833
[6724] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 8698399 TCP packets
[6724] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6724] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 18 requests
[6724] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 5 requests
[6725] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth36) Kernel: Packets 72708549, dropped 48646128
[6725] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth36) Packets 23762347, bytes 23618239776
[6725] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9205022 TCP packets
[6725] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6725] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 16 requests
[6725] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 9 requests
[6726] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth37) Kernel: Packets 66298298, dropped 42257931
[6726] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth37) Packets 23740293, bytes 22766699728
[6726] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9217685 TCP packets
[6726] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6726] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 11 requests
[6726] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6727] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth38) Kernel: Packets 68226067, dropped 44059654
[6727] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth38) Packets 23866340, bytes 22684731471
[6727] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9422351 TCP packets
[6727] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6727] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6727] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 5 requests
[6728] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth39) Kernel: Packets 64159591, dropped 39720206
[6728] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth39) Packets 24139311, bytes 22711997572
[6728] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9483907 TCP packets
[6728] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6728] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6728] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 6 requests
[6730] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth310) Kernel: Packets 66913874, dropped 42104007
[6730] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth310) Packets 24509793, bytes 23425684056
[6730] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9018186 TCP packets
[6730] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6730] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6730] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 2 requests
[6731] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth311) Kernel: Packets 67625443, dropped 42732837
[6731] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth311) Packets 24592533, bytes 23699355191
[6731] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9016955 TCP packets
[6731] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6731] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 14 requests
[6731] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 6 requests
[6732] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth312) Kernel: Packets 70233953, dropped 46699248
[6732] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth312) Packets 23234632, bytes 22610273222
[6732] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9042239 TCP packets
[6732] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6732] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 17 requests
[6732] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 9 requests
[6733] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth313) Kernel: Packets 68229108, dropped 44047634
[6733] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth313) Packets 23881401, bytes 23099867563
[6733] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9398418 TCP packets
[6733] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6733] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 19 requests
[6733] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6734] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth314) Kernel: Packets 69196467, dropped 44387297
[6734] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth314) Packets 24509096, bytes 24042953749
[6734] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9159856 TCP packets
[6734] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6734] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 13 requests
[6734] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 3 requests
[6735] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth315) Kernel: Packets 65289000, dropped 40587228
[6735] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth315) Packets 24401699, bytes 22306283405
[6735] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9704854 TCP packets
[6735] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6735] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 14 requests
[6735] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 4 requests
[6736] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1584) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth316) Kernel: Packets 66511810, dropped 41832973
[6736] 24/2/2013 -- 22:49:34 - (source-af-packet.c:1587) <Info> (ReceiveAFPThreadExitStats) -- (AFPacketeth316) Packets 24378764, bytes 22899418425
[6736] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9466590 TCP packets
[6736] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6736] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 19 requests
[6736] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 3 requests
^C[6717] 24/2/2013 -- 22:49:38 - (host.c:244) <Info> (HostPrintStats) -- host memory usage: 349376 bytes, maximum: 16777216
[6717] 24/2/2013 -- 22:49:38 - (util-profiling-rules.c:299) <Info> (SCProfilingRuleDump) -- Dumping profiling data for 6555 rules.
[6717] 24/2/2013 -- 22:49:38 - (util-profiling-rules.c:416) <Info> (SCProfilingRuleDump) -- Done dumping profiling data.
[6717] 24/2/2013 -- 22:49:38 - (detect.c:3981) <Info> (SigAddressCleanupStage1) -- cleaning up signature grouping structure... complete
[6717] 24/2/2013 -- 22:49:38 - (util-profiling.c:275) <Info> (SCProfilingDump) -- Done dumping profiling data

Notice how

Fast log output wrote 2305 alerts

is the same for every thread but the other stats are not.

I think it could be beneficial if "alerts output" is on a per detect thread as well - maybe take it directly from the "detect.alert" from stats.log?

thanks
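An added example (not part of the original report or of Suricata's code): a parser for exit-stat lines in the format above that reports one combined figure per counter, summing values that differ per thread and counting a value that every thread repeats identically only once. Treating an identical value on all threads as a shared counter is a heuristic assumed here; the sample lines are excerpted from the log in this report.

```python
import re
from collections import defaultdict

# Excerpt of the exit log in the report: three of the worker threads.
SAMPLE = """\
[6719] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 13417077 TCP packets
[6719] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6719] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 4433 requests
[6719] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 905 requests
[6721] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9470835 TCP packets
[6721] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6721] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 16 requests
[6721] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 2 requests
[6722] 24/2/2013 -- 22:49:34 - (stream-tcp.c:4180) <Info> (StreamTcpExitPrintStats) -- Stream TCP processed 9285094 TCP packets
[6722] 24/2/2013 -- 22:49:34 - (alert-fastlog.c:321) <Info> (AlertFastLogExitPrintStats) -- Fast log output wrote 2305 alerts
[6722] 24/2/2013 -- 22:49:34 - (log-httplog.c:617) <Info> (LogHttpLogExitPrintStats) -- HTTP logger logged 11 requests
[6722] 24/2/2013 -- 22:49:34 - (log-tlslog.c:528) <Info> (LogTlsLogExitPrintStats) -- TLS logger logged 7 requests
"""

LINE = re.compile(r"\[(\d+)\] .*? <Info> \(\w+\) -- (.*)")

def parse(text):
    """Return {message template: {thread id: value}} for single-counter lines."""
    stats = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        tid, msg = m.groups()
        nums = re.findall(r"\d+", msg)
        if len(nums) == 1:  # skip multi-number lines such as the AF_PACKET ones
            stats[re.sub(r"\d+", "N", msg)][int(tid)] = int(nums[0])
    return stats

def combined_totals(stats):
    """One figure per counter; a value repeated on every thread counts once."""
    totals = {}
    for key, by_tid in stats.items():
        values = list(by_tid.values())
        repeated = len(values) > 1 and len(set(values)) == 1  # heuristic
        totals[key] = values[0] if repeated else sum(values)
    return totals

if __name__ == "__main__":
    for key, total in combined_totals(parse(SAMPLE)).items():
        print(f"{total:>10}  {key}")
```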

Actions #1

Updated by Victor Julien about 11 years ago

  • Tracker changed from Optimization to Bug
  • Subject changed from aler stats on exit to alert stats on exit

I actually think we should just print one number, the number of alerts all threads logged combined. Output like the above is way too cluttered.

Actions #2

Updated by Peter Manev about 11 years ago

Can we do both?

Actions #3

Updated by Victor Julien over 10 years ago

  • Target version set to TBD

Actions #4

Updated by Andreas Herz over 7 years ago

  • Assignee set to OISF Dev

Actions #5

Updated by Victor Julien over 6 years ago

  • Status changed from New to Closed
  • Assignee deleted (OISF Dev)
  • Target version deleted (TBD)

Implemented in 4.0.

[61112] 19/10/2017 -- 08:03:19 - (counters.c:821) <Info> (StatsLogSummary) -- Alerts: 4489
