Documentation for dump-counters


Where can I find a documentation explaining the meaning and the computation rule of each counter of the “dump-counter” output ?

Thank you


I’m not sure we have all of our performance counters documented somewhere, at this point, especially in the way you’re asking.

My best suggestion would be to get started with 11.11. Performance Analysis — Suricata 8.0.0-dev documentation

Some of our stats counters will have some documentation available, but not in a dedicated section, as you’re asking for, I think.

Thank you Ju for your answer.

Anyway the 11.11 Chapter is not sufficient to explain behaviours.
Counters may help, but I just can guess what they represents and a lot of them can be subject of various interpretations.

Can you give me some more explaination on “Some of our stats counters will have some documentation available”. For example : what counters documentation would be available in where and in which version ?

As I said, there isn’t much. What I meant is that if one digs, one may be able to find scattered comments, but nothing very structured, nor specifically about performance

And so on.
But, once again, it’s a documentation area that welcomes more contribution efforts. :slight_smile:

Hi, in addition to Ju’s answer, please note that soon, our schema might be a good source of information on those counters (It isn’t yet). This is currently being tracked in the ticket Documentation #6434: eve/schema: document stats - Suricata - Open Information Security Foundation
schema.json can be found here: suricata/etc/schema.json at master · OISF/suricata · GitHub

1 Like

Thank you for your answers !

1 Like