Windows: S-TAP statistics
The S-TAP statistics that the S-TAP sends to the sniffer are stored on the collector. You can see the statistics in the predefined S-TAP Statistics report.
You can create alerts based on results.
The guard_tap.ini parameter STAP_STATISTIC specifies the interval at which the S-TAP sends statistics to the sniffer. Valid values are:
- Positive integer: interval in hours
- Negative integer: interval in minutes
- 0: do not send
S-TAP counters:
- Total dropped packets: Packets dropped due to insufficient buffer space in the S-TAP service.
- Total dropped bytes: Bytes dropped due to insufficient buffer space in the S-TAP service.
- Collector count
- Collector names: Comma-separated list of all the collectors that are assigned to the S-TAP
- Collector total dropped packets: Comma-separated list of the packets that are dropped due to insufficient buffer space in the S-TAP, cataloged by collector.
- Collector total dropped bytes: Comma-separated list of the bytes that are dropped due to insufficient buffer space in the S-TAP, cataloged by collector.
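As an added example (not IBM code), the following Python sketch interprets a STAP_STATISTIC value using the sign convention above and pairs the comma-separated collector counters to list collectors with buffer drops. The sample ini fragment, the collector names, the counter values and the dict layout of a report row are constructed, and matching the three lists by position is an assumption.

```python
from datetime import timedelta

def stap_statistic_interval(raw):
    """Map a STAP_STATISTIC value to a send interval; None means 'do not send'."""
    value = int(raw.strip())
    if value == 0:
        return None
    # Positive values are hours, negative values are minutes.
    return timedelta(hours=value) if value > 0 else timedelta(minutes=-value)

def read_stap_statistic(ini_text):
    """Find STAP_STATISTIC in guard_tap.ini text, whichever section it sits in."""
    for line in ini_text.splitlines():
        key, sep, val = line.partition("=")
        if sep and key.strip().upper() == "STAP_STATISTIC":
            return stap_statistic_interval(val)
    raise KeyError("STAP_STATISTIC not set")

def collector_drops(names, dropped_packets, dropped_bytes):
    """Pair the three comma-separated collector counters (assumed positional)."""
    n = [s.strip() for s in names.split(",")]
    p = [int(s) for s in dropped_packets.split(",")]
    b = [int(s) for s in dropped_bytes.split(",")]
    if not (len(n) == len(p) == len(b)):
        raise ValueError("collector lists differ in length")
    return {name: (pk, by) for name, pk, by in zip(n, p, b)}

def collectors_with_loss(row):
    """Return the collectors whose dropped packet or byte counter is non-zero."""
    drops = collector_drops(row["Collector names"],
                            row["Collector total dropped packets"],
                            row["Collector total dropped bytes"])
    return sorted(name for name, (pk, by) in drops.items() if pk or by)

# Constructed sample input, not taken from a real system.
SAMPLE_INI = "; constructed fragment\nSTAP_STATISTIC=-5\n"
SAMPLE_ROW = {
    "Collector names": "coll-a.example,coll-b.example",
    "Collector total dropped packets": "0,17",
    "Collector total dropped bytes": "0,20480",
}

if __name__ == "__main__":
    print("send interval:", read_stap_statistic(SAMPLE_INI))
    print("collectors with drops:", collectors_with_loss(SAMPLE_ROW))
```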
NMP counters:
- Software TAP Host
- Tap name (driver name)
- Tap version
- Timestamp
- Total packets: Total packets that pass through the driver
- Total bytes: Total bytes that pass through the driver
- Total dropped packets: Total packets that are dropped due to insufficient buffer space in the driver.
- Total dropped bytes: Total bytes that are dropped due to insufficient buffer space in the driver.
- Total ignored packets: Total packets that are ignored due to Ignore commands from the appliance or priority queue transitions.
- Total ignored bytes: Total bytes that are ignored due to Ignore commands from the appliance or priority queue transitions.
- Total ignored reply packets: Total packets of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
- Total ignored reply bytes: Total bytes of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
WFP counters:
- Software TAP Host
- Tap name (driver name)
- Tap version
- Timestamp
- Total packets: Total packets that pass through the driver
- Total bytes: Total bytes that pass through the driver
- Total dropped packets: Total packets that are dropped due to insufficient buffer space in the driver.
- Total dropped bytes: Total bytes that are dropped due to insufficient buffer space in the driver.
- Total ignored packets: Total packets that are ignored due to Ignore commands from the appliance or priority queue transitions.
- Total ignored bytes: Total bytes that are ignored due to Ignore commands from the appliance or priority queue transitions.
- Total ignored reply packets: Total packets of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.
- Total ignored reply bytes: Total bytes of server reply data that is ignored due to ignore reply commands from the appliance, DB ignore bypass, or priority queue transitions.