现网流量30G,87473749pkts
日志总量:5.1G(开启flow日志),wc 输出(行数 词数 字节数): 10538744 24517390 5468866338
日志总量:1.5G(不开flow日志),wc 输出(行数 词数 字节数): 3146157 17138969 1560301811
以下为各协议日志的 wc 结果,列含义同上:
http.wc: 860780 6819872 413261487
ftp.wc: 413 7068 707963
smtp.wc: 0 0 0
tls.wc: 134764 1750223 82568288
ssh.wc: 353 353 118646
smb.wc: 170321 1328426 82417272
dcerpc.wc: 239 239 95796
dns.wc: 1100992 1101366 477357027
ntp.wc: 0 0 0
tftp.wc: 2701 2701 748874
ikev2.wc: 1188 1206 568374
dhcp.wc: 46 46 15796
snmp.wc: 70051 70051 25726933
sip.wc: 360 1080 120657
rdp.wc: 552 553 176617
http2.wc: 0 0 0
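注:smtp、ntp、http2 的日志为 0 行,但下方 stats.log 中 app_layer.tx.smtp=51、app_layer.tx.ntp=6127、app_layer.tx.http2=1889;dhcp 日志仅 46 行,而 app_layer.tx.dhcp=9200。即这些协议有事务被解析,但未(或未全部)写入日志,评估日志量和检测覆盖面时需先确认对应协议的日志输出配置。
Suricata stats.log 输出: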
------------------------------------------------------------------------------------
Date: 8/12/2021 -- 11:44:16 (uptime: 0d, 00h 04m 53s)
------------------------------------------------------------------------------------
Counter | TM Name | Value
------------------------------------------------------------------------------------
decoder.pkts | Total | 87473749
decoder.bytes | Total | 29826669135
decoder.invalid | Total | 30
decoder.ipv4 | Total | 87280154
decoder.ipv6 | Total | 73883
decoder.ethernet | Total | 87473749
decoder.tcp | Total | 81043935
decoder.udp | Total | 6039773
decoder.icmpv4 | Total | 253216
decoder.icmpv6 | Total | 6473
decoder.avg_pkt_size | Total | 340
decoder.max_pkt_size | Total | 1514
flow.tcp | Total | 7245784
flow.udp | Total | 146971
flow.icmpv4 | Total | 2441
flow.icmpv6 | Total | 886
flow.tcp_reuse | Total | 145
flow.wrk.spare_sync_avg | Total | 100
flow.wrk.spare_sync | Total | 70462
defrag.ipv4.fragments | Total | 8970
defrag.ipv4.reassembled | Total | 4305
decoder.event.icmpv4.unknown_type | Total | 546
decoder.event.icmpv4.unknown_code | Total | 216
decoder.event.icmpv4.ipv4_unknown_ver | Total | 30
decoder.event.ipv6.zero_len_padn | Total | 138
decoder.event.udp.pkt_too_small | Total | 3
decoder.event.ipv4.frag_overlap | Total | 152
flow.wrk.flows_evicted_needs_work | Total | 235518
flow.wrk.flows_evicted_pkt_inject | Total | 390482
flow.wrk.flows_evicted | Total | 132373
flow.wrk.flows_injected | Total | 221888
tcp.sessions | Total | 7215546
tcp.pseudo | Total | 56
tcp.syn | Total | 21788135
tcp.synack | Total | 2700936
tcp.rst | Total | 12721608
tcp.stream_depth_reached | Total | 761
tcp.reassembly_gap | Total | 69
tcp.overlap | Total | 10399018
tcp.insert_list_fail | Total | 758
app_layer.flow.http | Total | 464714
app_layer.tx.http | Total | 860769
app_layer.flow.ftp | Total | 33
app_layer.tx.ftp | Total | 399
app_layer.flow.smtp | Total | 26
app_layer.tx.smtp | Total | 51
app_layer.flow.tls | Total | 135554
app_layer.flow.ssh | Total | 254
app_layer.flow.smb | Total | 56633
app_layer.tx.smb | Total | 170321
app_layer.flow.dcerpc_tcp | Total | 61
app_layer.tx.dcerpc_tcp | Total | 239
app_layer.flow.dns_tcp | Total | 26
app_layer.tx.dns_tcp | Total | 132
app_layer.flow.ntp | Total | 2080
app_layer.tx.ntp | Total | 6127
app_layer.flow.tftp | Total | 154
app_layer.tx.tftp | Total | 2701
app_layer.flow.ikev2 | Total | 146
app_layer.tx.ikev2 | Total | 1188
app_layer.flow.dhcp | Total | 231
app_layer.tx.dhcp | Total | 9200
app_layer.flow.snmp | Total | 1673
app_layer.tx.snmp | Total | 70051
app_layer.flow.sip | Total | 42
app_layer.tx.sip | Total | 360
app_layer.flow.rdp | Total | 170
app_layer.tx.rdp | Total | 552
app_layer.flow.http2 | Total | 192
app_layer.tx.http2 | Total | 1889
app_layer.flow.failed_tcp | Total | 3277
app_layer.flow.dcerpc_udp | Total | 2
app_layer.tx.dcerpc_udp | Total | 18
app_layer.flow.dns_udp | Total | 79356
app_layer.tx.dns_udp | Total | 1100860
app_layer.flow.failed_udp | Total | 63287
flow.mgr.full_hash_pass | Total | 43
flow.spare | Total | 386203
flow.mgr.rows_maxlen | Total | 8
flow.mgr.flows_checked | Total | 10343125
flow.mgr.flows_notimeout | Total | 4910532
flow.mgr.flows_timeout | Total | 5432593
flow.mgr.flows_evicted | Total | 7019552
flow.mgr.flows_evicted_needs_work | Total | 218672
tcp.memuse | Total | 13762560
tcp.reassembly_memuse | Total | 2359296
ftp.memuse | Total | 220
flow.memuse | Total | 224849536