3. Detection engine stats
With the three types of GCap user profiles, the SETUP, GVIEW and GVIEWADM accounts have access to the capture statistics of the SIGFLOW detection engine.
At the GUI level, the 'Inspect' menu is the menu with which the administrator will be able to check the capture statistics.
↓
'Watch eve statistics' shows in real time all the information corresponding to the capture parameters and counters associated with the SIGFLOW detection engine of the GCap probe.
You can do it with the following CLI command :
show eve-stats
These informative badges also appear on the GCenter WEB interface at the GCap details level in the 'Pairing/Status' menu.
Practical information such as rule usage, number of sessions or alerts appear in this menu. The command gives access to statistics taken from SIGFLOW logs (eve-log).
The statistics displayed by eve_stats return the number of alerts, flows (DNS, HTTP, SMTP, TLS, etc.), files identified (stored or not), statistics uploaded, packets received and lost by the kernel on all capture interfaces.
| Event Types | Description |
|---|---|
| Total Events | Total number of events (sum of counters below) |
| Alerts | Number of alerts detected per minute |
| Stats Events | Number of statistics type events per minute |
| Observed Files | Number of files observed per minute |
| Extracted Files | Number of files extracted per minute |
| Uploaded-to-GCenter Files | Number of files sent to GCenter per minute |
| Lost files | Number of files lost per minute |
| DHCP Events | Number of DHCP events per minute |
| DNS Events | Number of DNS events per minute |
| DNP3 Events | Number of DNP3 events per minute |
| FTP Events | Number of FTP events per minute |
| HTTP Events | Number of HTTP events per minute |
| IKEV2 Events | Number of IKEV2 events per minute |
| KRB5 Events | Number of KRB5 events per minute |
| NETFLOW Events | Number of NETFLOW events per minute |
| NFS Events | Number of NFS events per minute |
| SMB Events | Number of SMB events per minute |
| SMTP Events | Number of SMTP events per minute |
| SSH Events | Number of SSH events per minute |
| TFTP Events | Number of TFTP events per minute |
| TLS Events | Number of TLS events per minute |
| Tunnel Events | Number of IPsec tunnel related events per minute |
| Received Packets | Number of packets received per minute |
| Dropped Packets | Number of packets dropped per minute |
| Rules loaded | Total number of rules loaded on the GCap |
| Invalid rules | Number of invalid or error rules |
| TCP SYN | TCP connection establishment count |
| TCP SYN/ACK | Number of TCP connection establishments with acknowledgment per minute |
| TCP Sessions | Number of TCP sessions per minute |
| Flow TCP | Number of TCP streams per minute |
| Flow UDP | Number of UDP streams per minute |
| Flow SCTP | Number of SCTP streams per minute |
| Flow ICMPv4 | Number of ICMPv4 streams per minute |
| Flow ICMPv6 | Number of ICMPv6 streams per minute |
| Flow Timeout on New Sessions | Number of streams timed out on new sessions |
| Flow Timeout on Established Sessions | Number of streams timed out on established sessions |
| Flow Timeout on Closed Sessions | Number of streams in timeout on closed sessions |
| Flow Timeout on Bypassed Sessions | Number of streams timed out on bypassed sessions |