Stats.log file question

Hi everyone.

During my research, I found that some “stats.log” files show the captured.packets “per-thread”. My file only shows “kernel.packets” instead of the “per-thread” captures. I am assuming that all threads are capturing the packets and combining the number of packets captured on the same field.

Maybe the “per-thread” stats.log file is some older Suricata version? I am using the most recent one.

Thanks

You can configure this in your suricata.yaml under the outputs section:

        - stats:
            totals: yes       # stats for all threads merged together
            threads: no       # per thread stats <- THIS SETTING
            deltas: no        # include delta values

Correction, the above is for the stats in eve.json. For stats.log you’d use:

  # Stats.log contains data from various counters of the Suricata engine.
  - stats:
      enabled: yes
      filename: stats.log
      append: yes       # append to file (yes) or overwrite it (no)
      totals: yes       # stats for all threads merged together
      threads: no       # per thread stats <- THIS SETTING
      #null-values: yes  # print counters that have value 0. Default: no
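To see the difference the `threads`/`totals` settings make, here is an added example (not from the thread or from the Suricata project) that parses a stats.log dump and reconciles the per-thread rows against the merged `Total` row. It assumes the stats.log table layout `Counter | TM Name | Value`, with the merged line labelled `Total` and per-thread lines labelled by worker thread name; the counter names `capture.kernel_packets` and `capture.kernel_drops` are Suricata's, but the sample block and its values are constructed.

```python
"""Parse a Suricata stats.log dump and reconcile per-thread counters with totals.

Added example, not from the forum thread or the Suricata project. Assumes the
stats.log row layout 'Counter | TM Name | Value', one block per dump.
"""
import re
from collections import defaultdict

# Constructed sample (not a real capture): one dump with both per-thread rows
# (what you get with `threads: yes`) and merged rows (what `totals: yes` emits).
SAMPLE_STATS_LOG = """\
------------------------------------------------------------------------------------
Date: 1/1/2024 -- 12:00:00 (uptime: 0d, 00h 05m 00s)
------------------------------------------------------------------------------------
Counter                                       | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                        | W#01-eth0                 | 1200
capture.kernel_packets                        | W#02-eth0                 | 800
capture.kernel_packets                        | Total                     | 2000
capture.kernel_drops                          | W#01-eth0                 | 5
capture.kernel_drops                          | W#02-eth0                 | 3
capture.kernel_drops                          | Total                     | 8
"""

# Data rows only: separators, the 'Date:' line and the header have no numeric value.
ROW_RE = re.compile(r"^(?P<counter>\S+)\s*\|\s*(?P<tm>\S+)\s*\|\s*(?P<value>\d+)\s*$")


def parse_stats_log(text):
    """Return {counter: {tm_name: value}} for every data row in the dump."""
    table = defaultdict(dict)
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        table[m["counter"]][m["tm"]] = int(m["value"])
    return dict(table)


def per_thread_rows(table, counter):
    """Values of one counter keyed by worker thread, excluding the merged Total row."""
    return {tm: v for tm, v in table.get(counter, {}).items() if tm != "Total"}


def reconcile(table):
    """For each counter that has both per-thread rows and a Total row, check that
    the per-thread values add up to the Total.
    Returns {counter: (sum_of_threads, total, matches)}."""
    result = {}
    for counter, rows in table.items():
        threads = per_thread_rows(table, counter)
        if "Total" not in rows or not threads:
            continue  # a file written with threads: no has only Total rows
        thread_sum = sum(threads.values())
        result[counter] = (thread_sum, rows["Total"], thread_sum == rows["Total"])
    return result


if __name__ == "__main__":
    table = parse_stats_log(SAMPLE_STATS_LOG)
    for counter, (thread_sum, total, ok) in reconcile(table).items():
        print(f"{counter}: threads={thread_sum} total={total} {'OK' if ok else 'MISMATCH'}")
```

With `threads: no` (the default shown above) the parser will find only `Total` rows and `reconcile` returns nothing, which is exactly the situation described in the question; switch `threads: yes` and the per-thread rows appear so drops can be attributed to a specific worker.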