Re: Feature #1478

joshua.lumb · July 9, 2020, 9:53pm

Hi all,

Regarding the titular feature ticket on Redmine - it seems like the requested counter is very close to others that already exist.
flow_mgr.flows_checked - flow_mgr.flows_removed
would seem to give the desired result - the number of active flows after a pass through the hash table.

Am I correct here? And if so, is this something the Suricata community would like added still?

vjulien · July 10, 2020, 3:25pm

I don’t think this would be a reliable way. The checked number is affected by optimizations where we wouldn’t check entire hash rows worth of flows based on their timestamps.

I don’t think there is a way to get this number currently. I am interested in adding something for sure.

Topic		Replies	Views
Track number of accessed hosts outbound Rules	1	323	June 4, 2022
Re: Feature #3086 app_proto for Torrent Traffic Developers	1	661	July 14, 2020
Count flows in the rule Rules suricata	1	335	January 2, 2023
Flowbits and checks during profiling Rules	0	338	July 14, 2021
Time selection in evebox Help	2	285	December 24, 2020

Re: Feature #1478

Related Topics