From: Phil Young <py@napatech.com>
Date: Mon, 17 Jul 2017 14:08:02 +0000 (-0400)
Subject: napatech: Added section describing packet counters.
X-Git-Tag: suricata-4.0.1~43
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5f613e6e7deb0efc7c4b13a982402ef9126a4a27;p=thirdparty%2Fsuricata.git

napatech: Added section describing packet counters.
---

diff --git a/doc/userguide/capture-hardware/napatech.rst b/doc/userguide/capture-hardware/napatech.rst
index 3a548bb0dc..e9c38f9a36 100644
--- a/doc/userguide/capture-hardware/napatech.rst
+++ b/doc/userguide/capture-hardware/napatech.rst
@@ -210,6 +210,23 @@ Now you are ready to start Suricata::
 	$ suricata -c /usr/local/etc/suricata/suricata.yaml --napatech --runmode workers
 
 
+------------------------------------
+Counters
+
+For each stream that is being processed the following counters will be output in stats.log:
+    nt<streamid>.pkts - The number of packets recieved by the stream.
+    nt<streamid>.bytes - The total bytes received by the stream.
+    nt<streamid>.drop - The number of packets that were dropped from this stream due to
+                        buffer overflow conditions.
+
+If hba is enabled the following counter will also be provided:
+    nt<streamid>.hba_drop - the number of packets dropped because the host buffer allowance
+                            high-water mark was reached.
+
+In addition to counters host buffer utilization is tracked and logged.  This is also useful for
+debugging.  Log messages are output for both Host and On-Board buffers when reach 25, 50, 75
+percent of utilization.  Corresponding messages are output when utilization decreases.
+
 Support
 -------