List:       oisf-users
Subject:    Re: [Oisf-users] Monitoring stats log file (with Zabbix) to measure impact of fine-tuning config fil
From:       Victor Julien <lists () inliniac ! net>
Date:       2013-11-14 14:53:56
Message-ID: 5284E404.5030802 () inliniac ! net

On 11/14/2013 02:00 PM, Christophe Vandeplas wrote:
> For quite some time I've been facing performance and configuration
> challenges with Suricata. One of my frustrations was that I could
> barely measure the results of configuration changes I made, especially
> because sometimes it takes hours before "things go wrong". Looking at
> the stats.log file manually didn't really seem practical so I wanted
> to integrate this in my monitoring tool to be able to plot graphs.
> 
> For this I needed to write a script that consolidated the stats.log
> output, as counters are unique per thread it's kinda annoying to have
> 8 counters for the same thing if you're running with 8 threads like
> me.
> 
> The script itself might be useful for anyone wanting to feed the
> stats.log to another tool.
> 
> You'll find the story here:
> http://christophe.vandeplas.com/2013/11/suricata-monitoring-with-zabbix-or-other.html
> 
> And the script and zabbix configuration here:
> https://github.com/cvandeplas/suricata_stats
> 
> The zabbix xml template is not yet complete (still missing some
> counters) but I'll do my best to add them later.
> 
> Hope it's useful for others.

Very cool. Thanks for sharing Christophe.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
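
The per-thread consolidation described in the quoted announcement, as an added example that is not part of the original thread and is not the script from the linked repository. It assumes the classic plain-text stats.log layout (a `Date:` line per dump, then `counter | thread | value` rows) and cumulative capture counters; the sample data and thread names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed stats.log layout (not taken from the page).
SAMPLE = """\
-------------------------------------------------------------------
Date: 11/14/2013 -- 13:00:00 (uptime: 0d, 01h 00m 00s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 1000
capture.kernel_packets    | AFPacketeth02             | 3000
capture.kernel_drops      | AFPacketeth01             | 10
capture.kernel_drops      | AFPacketeth02             | 30
-------------------------------------------------------------------
Date: 11/14/2013 -- 13:00:08 (uptime: 0d, 01h 00m 08s)
-------------------------------------------------------------------
Counter                   | TM Name                   | Value
-------------------------------------------------------------------
capture.kernel_packets    | AFPacketeth01             | 2000
capture.kernel_packets    | AFPacketeth02             | 6000
capture.kernel_drops      | AFPacketeth01             | 100
capture.kernel_drops      | AFPacketeth02             | 300
"""

ROW = re.compile(r"^\s*([\w.]+)\s*\|\s*(\S+)\s*\|\s*(\d+)\s*$")

def consolidate(text):
    """Return [(date_line, {counter: sum over threads})], one entry per dump."""
    dumps = []
    for line in text.splitlines():
        if line.startswith("Date:"):
            dumps.append((line[5:].strip(), defaultdict(int)))
            continue
        m = ROW.match(line)
        if m and dumps:  # skips rule lines, the header row and truncated rows
            dumps[-1][1][m.group(1)] += int(m.group(3))
    return [(d, dict(c)) for d, c in dumps]

def drop_rate(prev, cur):
    """Percent of packets dropped between two dumps (assumes cumulative counters)."""
    pkts = cur["capture.kernel_packets"] - prev["capture.kernel_packets"]
    drops = cur["capture.kernel_drops"] - prev["capture.kernel_drops"]
    if pkts <= 0:  # restart or idle interval: no meaningful rate
        return None
    return 100.0 * drops / pkts

if __name__ == "__main__":
    print(consolidate(SAMPLE)[-1])
```

Feeding the interval drop rate, rather than the raw cumulative totals, to a monitoring tool makes a slow degradation after a configuration change visible as a rising line on the graph.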