[Bro] capstats doesnt work with af_packet

Azoff, Justin S jazoff at illinois.edu
Thu Nov 10 07:27:50 PST 2016

> On Nov 10, 2016, at 9:17 AM, erik clark <philosnef at gmail.com> wrote:
> Subject says it all. When I run interface=af_packet::em3, broctl capstats reports no statistics. 
> How can I fix this, as I rely on this information for traffic profiling of the system. Thanks!

It doesn't work right, and it can't really work right.  I think the short answer is that capstats is going away.  As a standalone tool it is ok, but running it on a schedule is not a great feature. It generates stats by actually capturing the packets and reporting on what it saw.  On a heavily loaded worker this is the absolute last thing you want to do.

The stats.log will contain the same data split out by worker in the fields like bytes_recv, pkts_proc,pkts_dropped,pkts_link.  You should be able to do the profiling you need using this data.

- Justin Azoff

More information about the Bro mailing list