Suricata relevant statistics for a monitoring dashboard

Uniplexed · October 16, 2020, 5:36pm

Hello,

I’m building a Grafana dashboard on top of metrics collected by Telegraf and stored on InfluxDB. Something which I’d like to share with the community once I have something worthwhile.

The purpose of this dashboard is not necessarily to show all the metrics, but just those that provide quick view of resource usage and problem situations (both at suricata and nic level)

What I have so far:

Host total CPU usage %
Host total RAM usage %
Suricata process CPU usage %
Suricata process RAM usage %
Suricata internal stats: capture_errors, capture_kernel_drops, tcp_reassembly_gap (all threads totals)
Ethtool stats: rx/tx dropped/errors

What else would you recommend, for a generic dashboard? I know NIC’s have specific counters reported on ethtool depending on brand/model, so ideally this would not include those.

Thanks!

Jeff_Lucovsky · October 17, 2020, 1:45pm

You might consider including Suricata thread CPU usage as well to indicate how uniform the work load is. Note that this may help with identifying elephant flows or other “interesting” traffic patterns.

Consider a setup with multiple worker threads processing traffic. A worker with disproportionately more CPU usage may indicate a high speed elephant flow or other anomaly.

b4b857f6ee · November 12, 2020, 5:48pm

Yeh i don’t know if you have finish ours but if you want to add something to mine or use it for your need, i have lot of dashboard here : https://github.com/b4b857f6ee/selks_grafana_dashboard

Topic		Replies	Views
Suricata Grafana Dashboard Help ips , community , suricon , configuration , suricata	2	1683	August 13, 2023
Counters to be aware of?	1	99	April 25, 2024
Suricata stats.log metrics Help	4	2806	March 16, 2022
How do I send suricata logs to Grafana? Help	2	3721	April 14, 2022
Stats.log file question Help	2	721	March 4, 2021

Suricata relevant statistics for a monitoring dashboard

Related topics