List: oisf-users
Subject: Re: [Oisf-users] Configuration strategy for TCP segment pools/chunk pool
From: Peter Manev <petermanev () gmail ! com>
Date: 2017-11-26 19:11:32
Message-ID: 45C259A7-4785-4301-9205-F107F1C16481 () gmail ! com
> On 26 Nov 2017, at 19:34, Cooper F. Nelson <cnelson@ucsd.edu> wrote:
>
> I'm specifically trying to get metrics for peak usage of the tcp
> segments pool, like this:
> > 25/5/2014 -- 00:36:29 - <Info> - TCP segment pool of size 4 had a peak
> > use of 2041 segments, more than the prealloc setting of 256
>

This is different and redone in 4+ (so you will not see anything similar to the above msg you refer to):
https://redmine.openinfosecfoundation.org/projects/suricata/repository/revisions/master/entry/suricata.yaml.in#L1247

> The -vvv flag provides more data, but not this information unfortunately.
>
> -Coop
>
> On 11/26/2017 10:18 AM, Peter Manev wrote:
> > In general running in the command line with "-vvv" with a default suricata.yaml
> > will produce quite a verbose output - is that what you are after? (Or you need
> > more verbose suricata.log?)
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson@ucsd.edu x41042
>
>