Re: Feature #1478

joshua.lumb · July 9, 2020, 9:53pm

Hi all,

Regarding the titular feature ticket on Redmine - it seems like the requested counter is very close to others that already exist.
flow_mgr.flows_checked - flow_mgr.flows_removed
would seem to give the desired result - the number of active flows after a pass through the hash table.

Am I correct here? And if so, is this something the Suricata community would like added still?

vjulien · July 10, 2020, 3:25pm

I don’t think this would be a reliable way. The checked number is affected by optimizations where we wouldn’t check entire hash rows worth of flows based on their timestamps.

I don’t think there is a way to get this number currently. I am interested in adding something for sure.

Topic		Replies	Views
Active timeout for flows Help	1	368	August 29, 2021
Netflow as input for Suricata Help	4	2914	June 11, 2021
Help Needed ! Suricata drops - ,"metadata":{"flowints":{"http.anomaly.count":1}}, Rules ips , rules	5	277	October 7, 2023
Suricata rules - Help Help	1	305	February 22, 2021
Suricata flow table Developers	3	233	January 16, 2024

Re: Feature #1478

Related topics