Hello,
Where can I find a documentation explaining the meaning and the computation rule of each counter of the “dump-counter” output ?
Thank you
Hello,
I’m not sure we have all of our performance counters documented somewhere, at this point, especially in the way you’re asking.
My best suggestion would be to get started with 11.11. Performance Analysis — Suricata 8.0.0-dev documentation
Some of our stats counters will have some documentation available, but not in a dedicated section, as you’re asking for, I think.
Thank you Ju for your answer.
Anyway the 11.11 Chapter is not sufficient to explain behaviours.
Counters may help, but I just can guess what they represents and a lot of them can be subject of various interpretations.
Can you give me some more explaination on “Some of our stats counters will have some documentation available”. For example : what counters documentation would be available in where and in which version ?
As I said, there isn’t much. What I meant is that if one digs, one may be able to find scattered comments, but nothing very structured, nor specifically about performance
- A bit here, especially for packet loss: 11.6. Statistics — Suricata 8.0.0-dev documentation
- Some bits here tackle blocked traffic, which could impact performance: My traffic gets blocked after upgrading to Suricata 7
- this section hints on what can be learned from
stream.reassemblycounters: 11.3. Tuning Considerations — Suricata 8.0.0-dev documentation
And so on.
But, once again, it’s a documentation area that welcomes more contribution efforts. 
Hi, in addition to Ju’s answer, please note that soon, our schema might be a good source of information on those counters (It isn’t yet). This is currently being tracked in the ticket Documentation #6434: eve/schema: document stats - Suricata - Open Information Security Foundation
schema.json can be found here: suricata/etc/schema.json at master · OISF/suricata · GitHub
1 Like
Thank you for your answers !
1 Like