napatech: Added section describing packet counters.

author Phil Young <py@napatech.com>

Mon, 17 Jul 2017 14:08:02 +0000 (10:08 -0400)

committer Victor Julien <victor@inliniac.net>

Tue, 1 Aug 2017 08:13:54 +0000 (10:13 +0200)
author Phil Young <py@napatech.com>
Mon, 17 Jul 2017 14:08:02 +0000 (10:08 -0400)
committer Victor Julien <victor@inliniac.net>
Tue, 1 Aug 2017 08:13:54 +0000 (10:13 +0200)
diff --git a/doc/userguide/capture-hardware/napatech.rst b/doc/userguide/capture-hardware/napatech.rst

index 3a548bb0dc0d727cbb92e12848f32e80d71f895a..e9c38f9a36bd2342bdf1a0676b120b5e5b222f99 100644 (file)
--- a/doc/userguide/capture-hardware/napatech.rst
+++ b/doc/userguide/capture-hardware/napatech.rst
@@ -210,6 +210,23 @@ Now you are ready to start Suricata::
         $ suricata -c /usr/local/etc/suricata/suricata.yaml --napatech --runmode workers
  
  
+------------------------------------
+Counters
+
+For each stream that is being processed the following counters will be output in stats.log:
+    nt<streamid>.pkts - The number of packets recieved by the stream.
+    nt<streamid>.bytes - The total bytes received by the stream.
+    nt<streamid>.drop - The number of packets that were dropped from this stream due to
+                        buffer overflow conditions.
+
+If hba is enabled the following counter will also be provided:
+    nt<streamid>.hba_drop - the number of packets dropped because the host buffer allowance
+                            high-water mark was reached.
+
+In addition to counters host buffer utilization is tracked and logged.  This is also useful for
+debugging.  Log messages are output for both Host and On-Board buffers when reach 25, 50, 75
+percent of utilization.  Corresponding messages are output when utilization decreases.
+
  Support
  -------
author	Phil Young <py@napatech.com>
	Mon, 17 Jul 2017 14:08:02 +0000 (10:08 -0400)
committer	Victor Julien <victor@inliniac.net>
	Tue, 1 Aug 2017 08:13:54 +0000 (10:13 +0200)