[Bro] capstats doesn't work with af_packet
Azoff, Justin S
jazoff at illinois.edu
Thu Nov 10 07:27:50 PST 2016
> On Nov 10, 2016, at 9:17 AM, erik clark <philosnef at gmail.com> wrote:
>
> Subject says it all. When I run interface=af_packet::em3, broctl capstats reports no statistics.
> How can I fix this? I rely on this information for traffic profiling of the system. Thanks!
>
It doesn't work right, and it can't really work right. I think the short answer is that capstats is going away. As a standalone tool it is ok, but running it on a schedule is not a great feature. It generates stats by actually capturing the packets and reporting on what it saw. On a heavily loaded worker this is the absolute last thing you want to do.
The stats.log will contain the same data split out by worker in the fields like bytes_recv, pkts_proc, pkts_dropped, pkts_link. You should be able to do the profiling you need using this data.
--
- Justin Azoff
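
An added example, not part of the original message or of Bro itself: one way to build a per-worker traffic and drop profile from stats.log using the fields named above. It assumes the usual tab-separated Bro log layout with a `#fields` header, a `ts` and a `peer` column identifying the worker, `-` for unset values, and per-interval counts in each row; the sample rows and the `profile_workers` name are constructed for illustration.

```python
import io
from collections import defaultdict

COUNTERS = ("bytes_recv", "pkts_proc", "pkts_dropped", "pkts_link")

# Constructed sample rows in Bro's TSV log layout (not real traffic).
SAMPLE = "\n".join([
    "#separator \\x09",
    "#path\tstats",
    "#fields\tts\tpeer\tpkts_proc\tbytes_recv\tpkts_dropped\tpkts_link",
    "1478791000.0\tworker-1\t900\t600000\t100\t1000",
    "1478791000.0\tworker-2\t1000\t700000\t0\t1000",
    "1478791000.0\tmanager\t-\t-\t-\t-",
    "1478791300.0\tworker-1\t950\t640000\t50\t1000",
    "1478791300.0\tworker-2\t2000\t1500000\t0\t2000",
    "#close\t2016-11-10-15-30-00",
])

def profile_workers(stream):
    """Sum the stats.log counters per peer and derive a drop percentage."""
    fields = None
    totals = defaultdict(lambda: dict.fromkeys(COUNTERS, 0))
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]   # column names follow the tag
            continue
        if not line or line.startswith("#") or fields is None:
            continue                        # other header/footer lines
        row = dict(zip(fields, line.split("\t")))
        peer_totals = totals[row["peer"]]
        for name in COUNTERS:
            value = row.get(name, "-")
            if value != "-":                # "-" marks an unset field
                peer_totals[name] += int(value)
    report = {}
    for peer, t in totals.items():
        # Drop rate taken as dropped / seen-on-link; None when the packet
        # source reported no link count, to avoid a misleading 0%.
        link = t["pkts_link"]
        drop_pct = 100.0 * t["pkts_dropped"] / link if link else None
        report[peer] = dict(t, drop_pct=drop_pct)
    return report

if __name__ == "__main__":
    for peer, stats in sorted(profile_workers(io.StringIO(SAMPLE)).items()):
        print(peer, stats)
```

Pass an open stats.log file object in place of the `io.StringIO` sample to profile a real sensor.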