6.2.1.9. eve-stats
6.2.1.9.1. Introduction
The eve-stats command of the show subgroup enables displaying the Sigflow (monitoring-engine) statistics.
6.2.1.9.2. Prerequisites
Users: setup, gviewadm, gview
Dependencies: N/A
6.2.1.9.3. Command
show eve-stats
6.2.1.9.4. Example
Enter the following command.
(gcap-cli) show eve-stats
Validate.
The system displays the following information:
counter
Alerts- Number of Sigflow alerts foundthe counters
Files- Files extracted by Sigflowthe counters
Codebreaker samples- Files analysed by Codebreakercounters
Protocols- List of protocols seen by Sigflowcounters
Detection Engine Stats- Sigflow statistics (monitoring-engine)
6.2.1.9.4.2. Detail of counters Files - Files extracted by Sigflow
Observed- Number of files observed by Sigflow.Extracted- Number of files extracted by Sigflow.Uploaded- Data sent to GCenter.Metadata- Number of metadata sent to GCenter.File- Number of files sent to GCenter.
Example:
...
Files:
Observed: 6011816
Extracted: 0
Uploaded:
Metadata: 0
File: 0
...
6.2.1.9.4.3. Counter Codebreaker samples details - Files analysed by Codebreaker
Extracted- Number of extracted files received by Codebreaker.Uploaded- Data on files received by Codebreaker on GCenter.Shellcodes- Data on shellcodes.Plain- Shellcodes detected without encoding.Encoded- Shellcodes detected with encoding.
Powershell- Number of malicious Powershell scripts detected.
Example:
...
Codebreaker samples:
Extracted: 0
Uploaded:
Shellcodes:
Plain: 0
Encoded: 0
Powershell: 0
...
6.2.1.9.4.4. Detail of counters Protocols - List of protocols seen by Sigflow
<protocole> Number of events observed by Sigflow concerning protocol
Example:
Protocols:
DHCP: 0
DNP3: 0
DNS: 0
FTP: 0
HTTP: 6537929
HTTP2: 0
IKEv2: 0
KRB5: 0
MQTT: 0
NETFLOW: 0
NFS: 0
RDP: 0
RFB: 0
SIP: 0
SMB: 0
SMTP: 0
SNMP: 0
SSH: 0
TFTP: 0
TLS: 0
Tunnels: 0
6.2.1.9.4.5. Detail of counters Detection Engine Stats - Sigflow statistics (monitoring-engine)
Events- Data on events observed by SigflowTotal- Total number of eventsStats- Number of statistics generated
CaptureReceived- Number of packets capturedDropped- Number of packets ignored
Rules- Sigflow rules dataLoaded- Number of rules loaded and validatedInvalid- Number of rules that could not be loaded
TCPSYN- Number of SYN observed by Sigflow.SYN/ACK- Number of SYN/ACK observed by Sigflow.Sessions- Number of TCP sessions observed by Sigflow.
FlowTCP- Number of TCP sessions observedUDP- Number of UDP sessions observedSCTP- Number of SCTP sessions observedICMPv4- Number of ICMPv4 messages observedICMPv6- Number of ICMPv6 messages observedTimeouts- Statistics on TCP session expirationsNew- Number of new windows TCPEstablished- Number of windows establishedClosed- Number of windows closedBypassed- Number of windows ignored
Example :
Detection Engine Stats:
Events:
Total: 12551855
Stats: 2110
Capture:
Received: 153439718
Dropped: 60964966
Rules:
Loaded: 78
Invalid: 28
TCP:
SYN: 10274277
SYN/ACK: 10274629
Sessions: 10273062
Flows:
TCP: 12067611
UDP: 0
SCTP: 0
ICMPv4: 0
ICMPv6: 0
Timeouts:
New: 0
Established: 0
Closed: 0
Bypassed: 0