diff --git a/README.md b/README.md index 9275a17..39cb3ff 100644 --- a/README.md +++ b/README.md @@ -45,3 +45,5 @@ Currently produces per-thread metrics for `decoder`, `flow`, `flow_bypassed`, Developed against Suricata 6.0.4 and af-packet. Most supported metrics are hard-coded. + +Updated for Suricata 7.0.0, but not all new metrics have been added. diff --git a/main.go b/main.go index d265e67..9e6af60 100644 --- a/main.go +++ b/main.go @@ -70,13 +70,37 @@ func newPerThreadGaugeMetric(subsystem, name, docString string, field string, va var ( metricUptime = newMetric("", "uptime_seconds", "Uptime for the Suricata process in seconds", prometheus.GaugeValue, "uptime", []string{}) - // From .thread.tcp + // From .thread.capture perThreadCaptureMetrics = []metricInfo{ newPerThreadCounterMetric("capture", "kernel_packets_total", "", "kernel_packets"), newPerThreadCounterMetric("capture", "kernel_drops_total", "", "kernel_drops"), newPerThreadCounterMetric("capture", "errors_total", "", "errors").Optional(), } + // .thread.capture.afpacket + perThreadCaptureAFPacketMetrics = []metricInfo{ + newPerThreadGaugeMetric("capture", "afpacket_busy_loop_avg", "", "busy_loop_avg"), + // The following 4 are put into a single metrics afpacket_polls_total + // where the result is a labels. + // newPerThreadCounterMetric("capture", "afpacket_poll_total", "", "polls"), + // newPerThreadCounterMetric("capture", "afpacket_poll_signal_total", "", "poll_signal"), + // newPerThreadCounterMetric("capture", "afpacket_poll_timeout_total", "", "poll_timeout"), + // newPerThreadCounterMetric("capture", "afpacket_poll_data_total", "", "poll_data"), + // newPerThreadCounterMetric("capture", "afpacket_poll_errors_total", "", "poll_errors"), + newPerThreadCounterMetric("capture", "afpacket_send_errors_total", "", "send_errors"), + } + + // Collect individual afpacket_poll outcomes into a single metric. + perThreadAFPacketPollResultMetric = newPerThreadCounterMetric("capture", "afpacket_poll_results_total", "", "", "result") + + // Entries in afpacket to the label + perThreadAFPacketPollResultEntries = [][2]string{ + {"poll_signal", "signal"}, + {"poll_timeout", "timeout"}, + {"poll_data", "data"}, + {"poll_errors", "error"}, + } + // Not quite sure it would be better to have those as labels or separate // metrics. But summing them up seems weird (think tcp on top of ipv4 inside gre), // so keeping them as separate metrics for now. @@ -89,6 +113,9 @@ var ( newPerThreadCounterMetric("decoder", "ipv4_packets_total", "", "ipv4"), newPerThreadCounterMetric("decoder", "ipv6_packets_total", "", "ipv6"), newPerThreadCounterMetric("decoder", "ethernet_packets_total", "", "ethernet"), + // New in 7.0.0 + newPerThreadCounterMetric("decoder", "arp_packets_total", "", "arp").Optional(), + newPerThreadCounterMetric("decoder", "unknown_ethertype_packets_total", "", "unknown_ethertype").Optional(), newPerThreadCounterMetric("decoder", "chdlc_packets_total", "", "chdlc"), newPerThreadCounterMetric("decoder", "raw_packets_total", "", "raw"), newPerThreadCounterMetric("decoder", "null_packets_total", "", "null"), @@ -96,6 +123,8 @@ var ( newPerThreadCounterMetric("decoder", "tcp_packets_total", "", "tcp"), newPerThreadCounterMetric("decoder", "udp_packets_total", "", "udp"), newPerThreadCounterMetric("decoder", "sctp_packets_total", "", "sctp"), + // New in 7.0.0 + newPerThreadCounterMetric("decoder", "esp_packets_total", "", "esp").Optional(), newPerThreadCounterMetric("decoder", "icmpv4_packets_total", "", "icmpv4"), newPerThreadCounterMetric("decoder", "icmpv6_packets_total", "", "icmpv6"), newPerThreadCounterMetric("decoder", "ppp_packets_total", "", "ppp"), @@ -104,6 +133,8 @@ var ( newPerThreadCounterMetric("decoder", "gre_packets_total", "", "gre"), newPerThreadCounterMetric("decoder", "vlan_packets_total", "", "vlan"), newPerThreadCounterMetric("decoder", "vlan_qinq_packets_total", "", "vlan_qinq"), + // New in 7.0.0 + newPerThreadCounterMetric("decoder", "vlan_qinqinq_packets_total", "", "vlan_qinqinq").Optional(), newPerThreadCounterMetric("decoder", "vxlan_packets_total", "", "vxlan"), newPerThreadCounterMetric("decoder", "vntag_packets_total", "", "vntag"), newPerThreadCounterMetric("decoder", "ieee8021ah_packets_total", "", "ieee8021ah"), @@ -111,6 +142,9 @@ var ( newPerThreadCounterMetric("decoder", "ipv4_in_ipv6_packets_total", "", "ipv4_in_ipv6"), newPerThreadCounterMetric("decoder", "ipv6_in_ipv6_packets_total", "", "ipv6_in_ipv6"), newPerThreadCounterMetric("decoder", "mpls_packets_total", "", "mpls"), + newPerThreadCounterMetric("decoder", "erspan_packets_total", "", "erspan"), + // New in 7.0.0 + newPerThreadCounterMetric("decoder", "nsh_packets_total", "", "nsh").Optional(), // They are there, so include them. newPerThreadGaugeMetric("decoder", "packet_size_avg", "", "avg_pkt_size"), @@ -169,6 +203,16 @@ var ( // From .thread.tcp perThreadTcpMetrics = []metricInfo{ + // New in 7.0.0 + newPerThreadCounterMetric("tcp", "ack_unseen_data_total", "", "ack_unseen_data").Optional(), + // Not sure if active is working on a per-thread basis: Seems to be a counter going + // up on the worker threads and down on the flow recycler. Seems a bit borked :-/ + // newPerThreadGaugeMetric("tcp", "sessions_active", "", "active_sessions").Optional(), + newPerThreadCounterMetric("tcp", "segment_from_cache_total", "", "segment_from_cache").Optional(), + newPerThreadCounterMetric("tcp", "segment_from_pool_total", "", "segment_from_pool").Optional(), + newPerThreadCounterMetric("tcp", "ssn_from_cache_total", "", "ssn_from_cache").Optional(), + newPerThreadCounterMetric("tcp", "ssn_from_pool_total", "", "ssn_from_pool").Optional(), + newPerThreadCounterMetric("tcp", "sessions_total", "", "sessions"), newPerThreadCounterMetric("tcp", "ssn_memcap_drop_total", "", "ssn_memcap_drop"), newPerThreadCounterMetric("tcp", "pseudo_total", "", "pseudo"), @@ -195,6 +239,9 @@ var ( // From .thread.detect perThreadDetectMetrics = []metricInfo{ newPerThreadCounterMetric("detect", "alerts_total", "", "alert"), + // New in 7.0.0 + newPerThreadCounterMetric("detect", "alert_queue_overflows_total", "", "alert_queue_overflow").Optional(), + newPerThreadCounterMetric("detect", "alerts_suppressed_total", "", "alerts_suppressed").Optional(), } // From: .thread.app_layer, labeled with the key. I think summing @@ -480,6 +527,28 @@ func handleWorkerThread(ch chan<- prometheus.Metric, threadName string, thread m ch <- cm } } + + if afpacket, ok := capture["afpacket"].(map[string]interface{}); ok { + for _, m := range perThreadCaptureAFPacketMetrics { + if cm := newConstMetric(m, afpacket, threadName); cm != nil { + ch <- cm + } + } + + for _, key_label := range perThreadAFPacketPollResultEntries { + k := key_label[0] + label := key_label[1] + + if value, ok := afpacket[k].(float64); ok { + ch <- prometheus.MustNewConstMetric( + perThreadAFPacketPollResultMetric.desc, + perThreadAFPacketPollResultMetric.t, + value, label, threadName) + } else { + log.Printf("ERROR: Failed afpacket %v in %v", k, afpacket) + } + } + } } tcp := thread["tcp"].(map[string]interface{}) diff --git a/main_test.go b/main_test.go index 4b8807a..398a5fb 100644 --- a/main_test.go +++ b/main_test.go @@ -220,8 +220,8 @@ func TestDump604Netmap(t *testing.T) { metrics := produceMetricsHelper(counters) // This is a bit dumb because once more metrics are added this isn't // useful, but testing individual metrics is a bit annoying. - if len(metrics) != 231 { - t.Errorf("Expected 231 metrics, got %d", len(metrics)) + if len(metrics) != 233 { + t.Errorf("Expected 233 metrics, got %d", len(metrics)) } } @@ -262,3 +262,44 @@ func TestDump604Napatech(t *testing.T) { t.Errorf("Missing suricata_napatech_dispatch_drop_packets_total metric") } } + +func TestDump700AFPacket(t *testing.T) { + data, err := ioutil.ReadFile("./testdata/dump-counters-7.0.0-afpacket.json") + if err != nil { + log.Panicf("Unable to open file: %s", err) + } + + var counters map[string]interface{} + json.Unmarshal(data, &counters) + + metrics := produceMetricsHelper(counters) + agged := aggregateMetrics(metrics) + + tms, ok := agged["suricata_capture_afpacket_poll_results_total"] // test metrics + if !ok { + t.Errorf("Failed to find suricata_capture_afpacket_poll_results_total metrics") + } + + // 2 threads, 4 results + if len(tms) != 8 { + t.Errorf("Unexpected number of suricata_capture_afpacket_poll_results_total metrics: %v", len(tms)) + } + + tms, ok = agged["suricata_detect_alerts_total"] // test metrics + if !ok { + t.Errorf("Failed to find detect_alerts_total metrics") + } + + if len(tms) != 2 { + t.Errorf("Unexpected number of suricata_detect_alerts_total metrics: %v", len(tms)) + } + + tms, ok = agged["suricata_detect_alert_queue_overflows_total"] // test metrics + if !ok { + t.Errorf("Failed to find detect_alerts_queue_overflows_total metrics") + } + + if len(tms) != 2 { + t.Errorf("Unexpected number of suricata_detect_alerts_queue_overflows_total metrics: %v", len(tms)) + } +} diff --git a/testdata/dump-counters-7.0.0-afpacket.json b/testdata/dump-counters-7.0.0-afpacket.json new file mode 100644 index 0000000..2232f74 --- /dev/null +++ b/testdata/dump-counters-7.0.0-afpacket.json @@ -0,0 +1,1858 @@ +{ + "message": { + "uptime": 277, + "capture": { + "kernel_packets": 8108, + "kernel_drops": 0, + "errors": 0, + "afpacket": { + "busy_loop_avg": 0, + "polls": 5561, + "poll_signal": 0, + "poll_timeout": 5335, + "poll_data": 226, + "poll_errors": 0, + "send_errors": 0 + } + }, + "decoder": { + "pkts": 4054, + "bytes": 595455, + "invalid": 0, + "ipv4": 4024, + "ipv6": 30, + "ethernet": 4054, + "arp": 0, + "unknown_ethertype": 0, + "chdlc": 0, + "raw": 0, + "null": 0, + "sll": 0, + "tcp": 4034, + "udp": 20, + "sctp": 0, + "esp": 0, + "icmpv4": 0, + "icmpv6": 0, + "ppp": 0, + "pppoe": 0, + "geneve": 0, + "gre": 0, + "vlan": 0, + "vlan_qinq": 0, + "vlan_qinqinq": 0, + "vxlan": 0, + "vntag": 0, + "ieee8021ah": 0, + "teredo": 0, + "ipv4_in_ipv6": 0, + "ipv6_in_ipv6": 0, + "mpls": 0, + "avg_pkt_size": 146, + "max_pkt_size": 1513, + "max_mac_addrs_src": 0, + "max_mac_addrs_dst": 0, + "erspan": 0, + "nsh": 0, + "event": { + "ipv4": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "iplen_smaller_than_hlen": 0, + "trunc_pkt": 0, + "opt_invalid": 0, + "opt_invalid_len": 0, + "opt_malformed": 0, + "opt_pad_required": 0, + "opt_eol_required": 0, + "opt_duplicate": 0, + "opt_unknown": 0, + "wrong_ip_version": 0, + "icmpv6": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_ignored": 0 + }, + "icmpv4": { + "pkt_too_small": 0, + "unknown_type": 0, + "unknown_code": 0, + "ipv4_trunc_pkt": 0, + "ipv4_unknown_ver": 0 + }, + "icmpv6": { + "unknown_type": 0, + "unknown_code": 0, + "pkt_too_small": 0, + "ipv6_unknown_version": 0, + "ipv6_trunc_pkt": 0, + "mld_message_with_invalid_hl": 0, + "unassigned_type": 0, + "experimentation_type": 0 + }, + "ipv6": { + "pkt_too_small": 0, + "trunc_pkt": 0, + "trunc_exthdr": 0, + "exthdr_dupl_fh": 0, + "exthdr_useless_fh": 0, + "exthdr_dupl_rh": 0, + "exthdr_dupl_hh": 0, + "exthdr_dupl_dh": 0, + "exthdr_dupl_ah": 0, + "exthdr_dupl_eh": 0, + "exthdr_invalid_optlen": 0, + "wrong_ip_version": 0, + "exthdr_ah_res_not_null": 0, + "hopopts_unknown_opt": 0, + "hopopts_only_padding": 0, + "dstopts_unknown_opt": 0, + "dstopts_only_padding": 0, + "rh_type_0": 0, + "zero_len_padn": 0, + "fh_non_zero_reserved_field": 0, + "data_after_none_header": 0, + "unknown_next_header": 0, + "icmpv4": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_invalid_length": 0, + "frag_ignored": 0, + "ipv4_in_ipv6_too_small": 0, + "ipv4_in_ipv6_wrong_version": 0, + "ipv6_in_ipv6_too_small": 0, + "ipv6_in_ipv6_wrong_version": 0 + }, + "tcp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "invalid_optlen": 0, + "opt_invalid_len": 0, + "opt_duplicate": 0 + }, + "udp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "hlen_invalid": 0, + "len_invalid": 0 + }, + "sll": { + "pkt_too_small": 0 + }, + "ethernet": { + "pkt_too_small": 0 + }, + "ppp": { + "pkt_too_small": 0, + "vju_pkt_too_small": 0, + "ip4_pkt_too_small": 0, + "ip6_pkt_too_small": 0, + "wrong_type": 0, + "unsup_proto": 0 + }, + "pppoe": { + "pkt_too_small": 0, + "wrong_code": 0, + "malformed_tags": 0 + }, + "gre": { + "pkt_too_small": 0, + "wrong_version": 0, + "version0_recur": 0, + "version0_flags": 0, + "version0_hdr_too_big": 0, + "version0_malformed_sre_hdr": 0, + "version1_chksum": 0, + "version1_route": 0, + "version1_ssr": 0, + "version1_recur": 0, + "version1_flags": 0, + "version1_no_key": 0, + "version1_wrong_protocol": 0, + "version1_malformed_sre_hdr": 0, + "version1_hdr_too_big": 0 + }, + "vlan": { + "header_too_small": 0, + "unknown_type": 0, + "too_many_layers": 0 + }, + "ieee8021ah": { + "header_too_small": 0 + }, + "vntag": { + "header_too_small": 0, + "unknown_type": 0 + }, + "ipraw": { + "invalid_ip_version": 0 + }, + "ltnull": { + "pkt_too_small": 0, + "unsupported_type": 0 + }, + "sctp": { + "pkt_too_small": 0 + }, + "esp": { + "pkt_too_small": 0 + }, + "mpls": { + "header_too_small": 0, + "pkt_too_small": 0, + "bad_label_router_alert": 0, + "bad_label_implicit_null": 0, + "bad_label_reserved": 0, + "unknown_payload_type": 0 + }, + "vxlan": { + "unknown_payload_type": 0 + }, + "geneve": { + "unknown_payload_type": 0 + }, + "erspan": { + "header_too_small": 0, + "unsupported_version": 0, + "too_many_vlan_layers": 0 + }, + "dce": { + "pkt_too_small": 0 + }, + "chdlc": { + "pkt_too_small": 0 + }, + "nsh": { + "header_too_small": 0, + "unsupported_version": 0, + "bad_header_length": 0, + "reserved_type": 0, + "unsupported_type": 0, + "unknown_payload": 0 + } + }, + "too_many_layers": 0 + }, + "tcp": { + "syn": 350, + "synack": 320, + "rst": 39, + "active_sessions": 9, + "sessions": 350, + "ssn_memcap_drop": 0, + "ssn_from_cache": 0, + "ssn_from_pool": 350, + "pseudo": 0, + "pseudo_failed": 0, + "invalid_checksum": 0, + "midstream_pickups": 0, + "pkt_on_wrong_thread": 0, + "ack_unseen_data": 0, + "segment_memcap_drop": 0, + "segment_from_cache": 1026, + "segment_from_pool": 6, + "stream_depth_reached": 0, + "reassembly_gap": 0, + "overlap": 0, + "overlap_diff_data": 0, + "insert_data_normal_fail": 0, + "insert_data_overlap_fail": 0, + "memuse": 1212416, + "reassembly_memuse": 266240 + }, + "flow": { + "memcap": 0, + "total": 360, + "active": 19, + "tcp": 350, + "udp": 10, + "icmpv4": 0, + "icmpv6": 0, + "tcp_reuse": 0, + "get_used": 0, + "get_used_eval": 0, + "get_used_eval_reject": 0, + "get_used_eval_busy": 0, + "get_used_failed": 0, + "wrk": { + "spare_sync_avg": 100, + "spare_sync": 4, + "spare_sync_incomplete": 0, + "spare_sync_empty": 0, + "flows_evicted_needs_work": 0, + "flows_evicted_pkt_inject": 0, + "flows_evicted": 0, + "flows_injected": 0, + "flows_injected_max": 0 + }, + "end": { + "state": { + "new": 0, + "established": 0, + "closed": 341, + "local_bypassed": 0 + }, + "tcp_state": { + "none": 0, + "syn_sent": 0, + "syn_recv": 0, + "established": 0, + "fin_wait1": 0, + "fin_wait2": 0, + "time_wait": 0, + "last_ack": 0, + "close_wait": 0, + "closing": 0, + "closed": 341 + }, + "tcp_liberal": 0 + }, + "mgr": { + "full_hash_pass": 27, + "rows_per_sec": 6553, + "rows_maxlen": 1, + "flows_checked": 731, + "flows_notimeout": 390, + "flows_timeout": 341, + "flows_evicted": 341, + "flows_evicted_needs_work": 0 + }, + "spare": 9941, + "emerg_mode_entered": 0, + "emerg_mode_over": 0, + "recycler": { + "recycled": 341, + "queue_avg": 1, + "queue_max": 57 + }, + "memuse": 7154304 + }, + "defrag": { + "ipv4": { + "fragments": 0, + "reassembled": 0 + }, + "ipv6": { + "fragments": 0, + "reassembled": 0 + }, + "max_frag_hits": 0 + }, + "flow_bypassed": { + "local_pkts": 0, + "local_bytes": 0, + "local_capture_pkts": 0, + "local_capture_bytes": 0, + "closed": 0, + "pkts": 0, + "bytes": 0 + }, + "detect": { + "engines": [ + { + "id": 0, + "last_reload": "2023-08-02T19:41:32.583098+0200", + "rules_loaded": 0, + "rules_failed": 0 + } + ], + "alert": 0, + "alert_queue_overflow": 0, + "alerts_suppressed": 0 + }, + "app_layer": { + "flow": { + "http": 311, + "ftp": 0, + "smtp": 0, + "tls": 9, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "failed_tcp": 0, + "dcerpc_udp": 0, + "dns_udp": 10, + "nfs_udp": 0, + "krb5_udp": 0, + "failed_udp": 0 + }, + "tx": { + "http": 311, + "ftp": 0, + "smtp": 0, + "tls": 0, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "dcerpc_udp": 0, + "dns_udp": 20, + "nfs_udp": 0, + "krb5_udp": 0 + }, + "error": { + "http": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smtp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tls": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ssh": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "imap": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dcerpc_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ntp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp-data": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ike": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "quic": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dhcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "snmp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "sip": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rfb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "mqtt": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "telnet": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rdp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "http2": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "bittorrent-dht": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "failed_tcp": { + "gap": 0 + }, + "dcerpc_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + } + }, + "expectations": 0 + }, + "http": { + "memuse": 0, + "memcap": 0 + }, + "ftp": { + "memuse": 0, + "memcap": 0 + }, + "file_store": { + "open_files": 0 + }, + "threads": { + "W#01-lo": { + "capture": { + "kernel_packets": 4214, + "kernel_drops": 0, + "errors": 0, + "afpacket": { + "busy_loop_avg": 0, + "polls": 2786, + "poll_signal": 0, + "poll_timeout": 2666, + "poll_data": 120, + "poll_errors": 0, + "send_errors": 0 + } + }, + "decoder": { + "pkts": 2107, + "bytes": 310591, + "invalid": 0, + "ipv4": 2077, + "ipv6": 30, + "ethernet": 2107, + "arp": 0, + "unknown_ethertype": 0, + "chdlc": 0, + "raw": 0, + "null": 0, + "sll": 0, + "tcp": 2091, + "udp": 16, + "sctp": 0, + "esp": 0, + "icmpv4": 0, + "icmpv6": 0, + "ppp": 0, + "pppoe": 0, + "geneve": 0, + "gre": 0, + "vlan": 0, + "vlan_qinq": 0, + "vlan_qinqinq": 0, + "vxlan": 0, + "vntag": 0, + "ieee8021ah": 0, + "teredo": 0, + "ipv4_in_ipv6": 0, + "ipv6_in_ipv6": 0, + "mpls": 0, + "avg_pkt_size": 147, + "max_pkt_size": 1513, + "max_mac_addrs_src": 0, + "max_mac_addrs_dst": 0, + "erspan": 0, + "nsh": 0, + "event": { + "ipv4": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "iplen_smaller_than_hlen": 0, + "trunc_pkt": 0, + "opt_invalid": 0, + "opt_invalid_len": 0, + "opt_malformed": 0, + "opt_pad_required": 0, + "opt_eol_required": 0, + "opt_duplicate": 0, + "opt_unknown": 0, + "wrong_ip_version": 0, + "icmpv6": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_ignored": 0 + }, + "icmpv4": { + "pkt_too_small": 0, + "unknown_type": 0, + "unknown_code": 0, + "ipv4_trunc_pkt": 0, + "ipv4_unknown_ver": 0 + }, + "icmpv6": { + "unknown_type": 0, + "unknown_code": 0, + "pkt_too_small": 0, + "ipv6_unknown_version": 0, + "ipv6_trunc_pkt": 0, + "mld_message_with_invalid_hl": 0, + "unassigned_type": 0, + "experimentation_type": 0 + }, + "ipv6": { + "pkt_too_small": 0, + "trunc_pkt": 0, + "trunc_exthdr": 0, + "exthdr_dupl_fh": 0, + "exthdr_useless_fh": 0, + "exthdr_dupl_rh": 0, + "exthdr_dupl_hh": 0, + "exthdr_dupl_dh": 0, + "exthdr_dupl_ah": 0, + "exthdr_dupl_eh": 0, + "exthdr_invalid_optlen": 0, + "wrong_ip_version": 0, + "exthdr_ah_res_not_null": 0, + "hopopts_unknown_opt": 0, + "hopopts_only_padding": 0, + "dstopts_unknown_opt": 0, + "dstopts_only_padding": 0, + "rh_type_0": 0, + "zero_len_padn": 0, + "fh_non_zero_reserved_field": 0, + "data_after_none_header": 0, + "unknown_next_header": 0, + "icmpv4": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_invalid_length": 0, + "frag_ignored": 0, + "ipv4_in_ipv6_too_small": 0, + "ipv4_in_ipv6_wrong_version": 0, + "ipv6_in_ipv6_too_small": 0, + "ipv6_in_ipv6_wrong_version": 0 + }, + "tcp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "invalid_optlen": 0, + "opt_invalid_len": 0, + "opt_duplicate": 0 + }, + "udp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "hlen_invalid": 0, + "len_invalid": 0 + }, + "sll": { + "pkt_too_small": 0 + }, + "ethernet": { + "pkt_too_small": 0 + }, + "ppp": { + "pkt_too_small": 0, + "vju_pkt_too_small": 0, + "ip4_pkt_too_small": 0, + "ip6_pkt_too_small": 0, + "wrong_type": 0, + "unsup_proto": 0 + }, + "pppoe": { + "pkt_too_small": 0, + "wrong_code": 0, + "malformed_tags": 0 + }, + "gre": { + "pkt_too_small": 0, + "wrong_version": 0, + "version0_recur": 0, + "version0_flags": 0, + "version0_hdr_too_big": 0, + "version0_malformed_sre_hdr": 0, + "version1_chksum": 0, + "version1_route": 0, + "version1_ssr": 0, + "version1_recur": 0, + "version1_flags": 0, + "version1_no_key": 0, + "version1_wrong_protocol": 0, + "version1_malformed_sre_hdr": 0, + "version1_hdr_too_big": 0 + }, + "vlan": { + "header_too_small": 0, + "unknown_type": 0, + "too_many_layers": 0 + }, + "ieee8021ah": { + "header_too_small": 0 + }, + "vntag": { + "header_too_small": 0, + "unknown_type": 0 + }, + "ipraw": { + "invalid_ip_version": 0 + }, + "ltnull": { + "pkt_too_small": 0, + "unsupported_type": 0 + }, + "sctp": { + "pkt_too_small": 0 + }, + "esp": { + "pkt_too_small": 0 + }, + "mpls": { + "header_too_small": 0, + "pkt_too_small": 0, + "bad_label_router_alert": 0, + "bad_label_implicit_null": 0, + "bad_label_reserved": 0, + "unknown_payload_type": 0 + }, + "vxlan": { + "unknown_payload_type": 0 + }, + "geneve": { + "unknown_payload_type": 0 + }, + "erspan": { + "header_too_small": 0, + "unsupported_version": 0, + "too_many_vlan_layers": 0 + }, + "dce": { + "pkt_too_small": 0 + }, + "chdlc": { + "pkt_too_small": 0 + }, + "nsh": { + "header_too_small": 0, + "unsupported_version": 0, + "bad_header_length": 0, + "reserved_type": 0, + "unsupported_type": 0, + "unknown_payload": 0 + } + }, + "too_many_layers": 0 + }, + "tcp": { + "syn": 186, + "synack": 163, + "rst": 29, + "active_sessions": 186, + "sessions": 186, + "ssn_memcap_drop": 0, + "ssn_from_cache": 0, + "ssn_from_pool": 186, + "pseudo": 0, + "pseudo_failed": 0, + "invalid_checksum": 0, + "midstream_pickups": 0, + "pkt_on_wrong_thread": 0, + "ack_unseen_data": 0, + "segment_memcap_drop": 0, + "segment_from_cache": 533, + "segment_from_pool": 4, + "stream_depth_reached": 0, + "reassembly_gap": 0, + "overlap": 0, + "overlap_diff_data": 0, + "insert_data_normal_fail": 0, + "insert_data_overlap_fail": 0 + }, + "flow": { + "memcap": 0, + "total": 194, + "active": 194, + "tcp": 186, + "udp": 8, + "icmpv4": 0, + "icmpv6": 0, + "tcp_reuse": 0, + "get_used": 0, + "get_used_eval": 0, + "get_used_eval_reject": 0, + "get_used_eval_busy": 0, + "get_used_failed": 0, + "wrk": { + "spare_sync_avg": 100, + "spare_sync": 2, + "spare_sync_incomplete": 0, + "spare_sync_empty": 0, + "flows_evicted_needs_work": 0, + "flows_evicted_pkt_inject": 0, + "flows_evicted": 0, + "flows_injected": 0, + "flows_injected_max": 0 + }, + "end": { + "state": { + "new": 0, + "established": 0, + "closed": 0, + "local_bypassed": 0 + }, + "tcp_state": { + "none": 0, + "syn_sent": 0, + "syn_recv": 0, + "established": 0, + "fin_wait1": 0, + "fin_wait2": 0, + "time_wait": 0, + "last_ack": 0, + "close_wait": 0, + "closing": 0, + "closed": 0 + }, + "tcp_liberal": 0 + } + }, + "defrag": { + "ipv4": { + "fragments": 0, + "reassembled": 0 + }, + "ipv6": { + "fragments": 0, + "reassembled": 0 + }, + "max_frag_hits": 0 + }, + "flow_bypassed": { + "local_pkts": 0, + "local_bytes": 0, + "local_capture_pkts": 0, + "local_capture_bytes": 0 + }, + "detect": { + "engines": [ + { + "id": 0, + "last_reload": "2023-08-02T19:41:32.583098+0200", + "rules_loaded": 0, + "rules_failed": 0 + } + ], + "alert": 0, + "alert_queue_overflow": 0, + "alerts_suppressed": 0 + }, + "app_layer": { + "flow": { + "http": 157, + "ftp": 0, + "smtp": 0, + "tls": 6, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "failed_tcp": 0, + "dcerpc_udp": 0, + "dns_udp": 8, + "nfs_udp": 0, + "krb5_udp": 0, + "failed_udp": 0 + }, + "tx": { + "http": 157, + "ftp": 0, + "smtp": 0, + "tls": 0, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "dcerpc_udp": 0, + "dns_udp": 16, + "nfs_udp": 0, + "krb5_udp": 0 + }, + "error": { + "http": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smtp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tls": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ssh": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "imap": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dcerpc_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ntp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp-data": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ike": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "quic": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dhcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "snmp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "sip": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rfb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "mqtt": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "telnet": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rdp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "http2": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "bittorrent-dht": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "failed_tcp": { + "gap": 0 + }, + "dcerpc_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + } + } + } + }, + "W#02-lo": { + "capture": { + "kernel_packets": 3894, + "kernel_drops": 0, + "errors": 0, + "afpacket": { + "busy_loop_avg": 0, + "polls": 2775, + "poll_signal": 0, + "poll_timeout": 2669, + "poll_data": 106, + "poll_errors": 0, + "send_errors": 0 + } + }, + "decoder": { + "pkts": 1947, + "bytes": 284864, + "invalid": 0, + "ipv4": 1947, + "ipv6": 0, + "ethernet": 1947, + "arp": 0, + "unknown_ethertype": 0, + "chdlc": 0, + "raw": 0, + "null": 0, + "sll": 0, + "tcp": 1943, + "udp": 4, + "sctp": 0, + "esp": 0, + "icmpv4": 0, + "icmpv6": 0, + "ppp": 0, + "pppoe": 0, + "geneve": 0, + "gre": 0, + "vlan": 0, + "vlan_qinq": 0, + "vlan_qinqinq": 0, + "vxlan": 0, + "vntag": 0, + "ieee8021ah": 0, + "teredo": 0, + "ipv4_in_ipv6": 0, + "ipv6_in_ipv6": 0, + "mpls": 0, + "avg_pkt_size": 146, + "max_pkt_size": 1513, + "max_mac_addrs_src": 0, + "max_mac_addrs_dst": 0, + "erspan": 0, + "nsh": 0, + "event": { + "ipv4": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "iplen_smaller_than_hlen": 0, + "trunc_pkt": 0, + "opt_invalid": 0, + "opt_invalid_len": 0, + "opt_malformed": 0, + "opt_pad_required": 0, + "opt_eol_required": 0, + "opt_duplicate": 0, + "opt_unknown": 0, + "wrong_ip_version": 0, + "icmpv6": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_ignored": 0 + }, + "icmpv4": { + "pkt_too_small": 0, + "unknown_type": 0, + "unknown_code": 0, + "ipv4_trunc_pkt": 0, + "ipv4_unknown_ver": 0 + }, + "icmpv6": { + "unknown_type": 0, + "unknown_code": 0, + "pkt_too_small": 0, + "ipv6_unknown_version": 0, + "ipv6_trunc_pkt": 0, + "mld_message_with_invalid_hl": 0, + "unassigned_type": 0, + "experimentation_type": 0 + }, + "ipv6": { + "pkt_too_small": 0, + "trunc_pkt": 0, + "trunc_exthdr": 0, + "exthdr_dupl_fh": 0, + "exthdr_useless_fh": 0, + "exthdr_dupl_rh": 0, + "exthdr_dupl_hh": 0, + "exthdr_dupl_dh": 0, + "exthdr_dupl_ah": 0, + "exthdr_dupl_eh": 0, + "exthdr_invalid_optlen": 0, + "wrong_ip_version": 0, + "exthdr_ah_res_not_null": 0, + "hopopts_unknown_opt": 0, + "hopopts_only_padding": 0, + "dstopts_unknown_opt": 0, + "dstopts_only_padding": 0, + "rh_type_0": 0, + "zero_len_padn": 0, + "fh_non_zero_reserved_field": 0, + "data_after_none_header": 0, + "unknown_next_header": 0, + "icmpv4": 0, + "frag_pkt_too_large": 0, + "frag_overlap": 0, + "frag_invalid_length": 0, + "frag_ignored": 0, + "ipv4_in_ipv6_too_small": 0, + "ipv4_in_ipv6_wrong_version": 0, + "ipv6_in_ipv6_too_small": 0, + "ipv6_in_ipv6_wrong_version": 0 + }, + "tcp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "invalid_optlen": 0, + "opt_invalid_len": 0, + "opt_duplicate": 0 + }, + "udp": { + "pkt_too_small": 0, + "hlen_too_small": 0, + "hlen_invalid": 0, + "len_invalid": 0 + }, + "sll": { + "pkt_too_small": 0 + }, + "ethernet": { + "pkt_too_small": 0 + }, + "ppp": { + "pkt_too_small": 0, + "vju_pkt_too_small": 0, + "ip4_pkt_too_small": 0, + "ip6_pkt_too_small": 0, + "wrong_type": 0, + "unsup_proto": 0 + }, + "pppoe": { + "pkt_too_small": 0, + "wrong_code": 0, + "malformed_tags": 0 + }, + "gre": { + "pkt_too_small": 0, + "wrong_version": 0, + "version0_recur": 0, + "version0_flags": 0, + "version0_hdr_too_big": 0, + "version0_malformed_sre_hdr": 0, + "version1_chksum": 0, + "version1_route": 0, + "version1_ssr": 0, + "version1_recur": 0, + "version1_flags": 0, + "version1_no_key": 0, + "version1_wrong_protocol": 0, + "version1_malformed_sre_hdr": 0, + "version1_hdr_too_big": 0 + }, + "vlan": { + "header_too_small": 0, + "unknown_type": 0, + "too_many_layers": 0 + }, + "ieee8021ah": { + "header_too_small": 0 + }, + "vntag": { + "header_too_small": 0, + "unknown_type": 0 + }, + "ipraw": { + "invalid_ip_version": 0 + }, + "ltnull": { + "pkt_too_small": 0, + "unsupported_type": 0 + }, + "sctp": { + "pkt_too_small": 0 + }, + "esp": { + "pkt_too_small": 0 + }, + "mpls": { + "header_too_small": 0, + "pkt_too_small": 0, + "bad_label_router_alert": 0, + "bad_label_implicit_null": 0, + "bad_label_reserved": 0, + "unknown_payload_type": 0 + }, + "vxlan": { + "unknown_payload_type": 0 + }, + "geneve": { + "unknown_payload_type": 0 + }, + "erspan": { + "header_too_small": 0, + "unsupported_version": 0, + "too_many_vlan_layers": 0 + }, + "dce": { + "pkt_too_small": 0 + }, + "chdlc": { + "pkt_too_small": 0 + }, + "nsh": { + "header_too_small": 0, + "unsupported_version": 0, + "bad_header_length": 0, + "reserved_type": 0, + "unsupported_type": 0, + "unknown_payload": 0 + } + }, + "too_many_layers": 0 + }, + "tcp": { + "syn": 164, + "synack": 157, + "rst": 10, + "active_sessions": 164, + "sessions": 164, + "ssn_memcap_drop": 0, + "ssn_from_cache": 0, + "ssn_from_pool": 164, + "pseudo": 0, + "pseudo_failed": 0, + "invalid_checksum": 0, + "midstream_pickups": 0, + "pkt_on_wrong_thread": 0, + "ack_unseen_data": 0, + "segment_memcap_drop": 0, + "segment_from_cache": 493, + "segment_from_pool": 2, + "stream_depth_reached": 0, + "reassembly_gap": 0, + "overlap": 0, + "overlap_diff_data": 0, + "insert_data_normal_fail": 0, + "insert_data_overlap_fail": 0 + }, + "flow": { + "memcap": 0, + "total": 166, + "active": 166, + "tcp": 164, + "udp": 2, + "icmpv4": 0, + "icmpv6": 0, + "tcp_reuse": 0, + "get_used": 0, + "get_used_eval": 0, + "get_used_eval_reject": 0, + "get_used_eval_busy": 0, + "get_used_failed": 0, + "wrk": { + "spare_sync_avg": 100, + "spare_sync": 2, + "spare_sync_incomplete": 0, + "spare_sync_empty": 0, + "flows_evicted_needs_work": 0, + "flows_evicted_pkt_inject": 0, + "flows_evicted": 0, + "flows_injected": 0, + "flows_injected_max": 0 + }, + "end": { + "state": { + "new": 0, + "established": 0, + "closed": 0, + "local_bypassed": 0 + }, + "tcp_state": { + "none": 0, + "syn_sent": 0, + "syn_recv": 0, + "established": 0, + "fin_wait1": 0, + "fin_wait2": 0, + "time_wait": 0, + "last_ack": 0, + "close_wait": 0, + "closing": 0, + "closed": 0 + }, + "tcp_liberal": 0 + } + }, + "defrag": { + "ipv4": { + "fragments": 0, + "reassembled": 0 + }, + "ipv6": { + "fragments": 0, + "reassembled": 0 + }, + "max_frag_hits": 0 + }, + "flow_bypassed": { + "local_pkts": 0, + "local_bytes": 0, + "local_capture_pkts": 0, + "local_capture_bytes": 0 + }, + "detect": { + "engines": [ + { + "id": 0, + "last_reload": "2023-08-02T19:41:32.583098+0200", + "rules_loaded": 0, + "rules_failed": 0 + } + ], + "alert": 0, + "alert_queue_overflow": 0, + "alerts_suppressed": 0 + }, + "app_layer": { + "flow": { + "http": 154, + "ftp": 0, + "smtp": 0, + "tls": 3, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "failed_tcp": 0, + "dcerpc_udp": 0, + "dns_udp": 2, + "nfs_udp": 0, + "krb5_udp": 0, + "failed_udp": 0 + }, + "tx": { + "http": 154, + "ftp": 0, + "smtp": 0, + "tls": 0, + "ssh": 0, + "imap": 0, + "smb": 0, + "dcerpc_tcp": 0, + "dns_tcp": 0, + "nfs_tcp": 0, + "ntp": 0, + "ftp-data": 0, + "tftp": 0, + "ike": 0, + "krb5_tcp": 0, + "quic": 0, + "dhcp": 0, + "snmp": 0, + "sip": 0, + "rfb": 0, + "mqtt": 0, + "telnet": 0, + "rdp": 0, + "http2": 0, + "bittorrent-dht": 0, + "dcerpc_udp": 0, + "dns_udp": 4, + "nfs_udp": 0, + "krb5_udp": 0 + }, + "error": { + "http": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smtp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tls": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ssh": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "imap": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "smb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dcerpc_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ntp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ftp-data": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "tftp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "ike": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_tcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "quic": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dhcp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "snmp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "sip": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rfb": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "mqtt": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "telnet": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "rdp": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "http2": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "bittorrent-dht": { + "gap": 0, + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "failed_tcp": { + "gap": 0 + }, + "dcerpc_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "dns_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "nfs_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + }, + "krb5_udp": { + "alloc": 0, + "parser": 0, + "internal": 0 + } + } + } + }, + "FM#01": { + "flow": { + "mgr": { + "full_hash_pass": 27, + "rows_per_sec": 6553, + "rows_maxlen": 1, + "flows_checked": 731, + "flows_notimeout": 390, + "flows_timeout": 341, + "flows_evicted": 341, + "flows_evicted_needs_work": 0 + }, + "spare": 9941, + "emerg_mode_entered": 0, + "emerg_mode_over": 0 + }, + "flow_bypassed": { + "closed": 0, + "pkts": 0, + "bytes": 0 + }, + "memcap_pressure": 5, + "memcap_pressure_max": 5 + }, + "FR#01": { + "tcp": { + "active_sessions": -341 + }, + "flow": { + "active": -341, + "end": { + "state": { + "new": 0, + "established": 0, + "closed": 341, + "local_bypassed": 0 + }, + "tcp_state": { + "none": 0, + "syn_sent": 0, + "syn_recv": 0, + "established": 0, + "fin_wait1": 0, + "fin_wait2": 0, + "time_wait": 0, + "last_ack": 0, + "close_wait": 0, + "closing": 0, + "closed": 341 + }, + "tcp_liberal": 0 + }, + "recycler": { + "recycled": 341, + "queue_avg": 1, + "queue_max": 57 + } + } + }, + "Global": { + "tcp": { + "memuse": 1212416, + "reassembly_memuse": 266240 + }, + "http": { + "memuse": 0, + "memcap": 0 + }, + "ftp": { + "memuse": 0, + "memcap": 0 + }, + "app_layer": { + "expectations": 0 + }, + "file_store": { + "open_files": 0 + }, + "flow": { + "memuse": 7154304 + } + } + } + }, + "return": "OK" +}