Hoping to understand the data in PacketFilter::Dropped_packets notices
better. What does each of the counts indicate?
Wondering because I have a small percentage of notices from a variety
of sensors that are logging the following in the notices, and the
counts end up being too large of integers for some post-processing
utilities to help compute some metrics on. I suspect that these come
from Bro 2.6 sensors. Examples:
18446744069482849436 packets dropped after filtering, 18446744069489230937 received, 6381501 on link
18446744069467467531 packets dropped after filtering, 18446744069467980684 received, 513153 on link
18446744069774533196 packets dropped after filtering, 18446744069778234931 received, 3701735 on link
18446744069437332601 packets dropped after filtering, 18446744069462690099 received, 25357498 on link
18446744069540779703 packets dropped after filtering, 18446744069561221983 received, 20442280 on link
18446744069457313223 packets dropped after filtering, 18446744069457748075 received, 434852 on link
18446744069561323156 packets dropped after filtering, 18446744069583649097 received, 22325941 on link
I was attempting to track percentage of dropped packets from this
notice by dividing the total received (2nd number) by the count
dropped after filtering (1st number) based on what seems like the more
common types of reports we see, like this one:
1 packets dropped after filtering, 2724370 received, 2724369 on link
(1/2724370 => 0.000000367057338). But I can't conceive that the
messages above are carrying realistic numbers to calculate on.
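
Added example, not part of the original post: a Python sketch of post-processing these notice messages with arbitrary-precision integers, computing the drop ratio only when the counters are usable. The function names, the "suspect" threshold (top 2**32 values of the unsigned 64-bit range) and the consistency check are assumptions of this example, not Bro behaviour documented on this page.

```python
import re

# Message layout as it appears in the notices quoted above.
NOTICE_RE = re.compile(
    r"(\d+) packets dropped after filtering, (\d+) received, (\d+) on link"
)
U64 = 1 << 64
U32 = 1 << 32


def parse_notice(msg):
    """Return (dropped, received, link) as Python ints (arbitrary precision)."""
    m = NOTICE_RE.search(msg)
    if m is None:
        raise ValueError("not a Dropped_packets message: %r" % msg)
    return tuple(int(g) for g in m.groups())


def assess(msg):
    """Classify one notice; compute the drop ratio only when it is usable."""
    dropped, received, link = parse_notice(msg)
    # Assumption (heuristic of this example): a counter in the top 2**32
    # values of the unsigned 64-bit range is flagged, not used as a count.
    suspect = any(v >= U64 - U32 for v in (dropped, received))
    return {
        "dropped": dropped,
        "received": received,
        "link": link,
        "suspect": suspect,
        # Arithmetic relation that holds for the samples below.
        "consistent": received - dropped == link,
        "drop_ratio": None if suspect or received == 0 else dropped / received,
    }


# Messages copied from the post above.
SAMPLES = [
    "18446744069482849436 packets dropped after filtering, 18446744069489230937 received, 6381501 on link",
    "18446744069467467531 packets dropped after filtering, 18446744069467980684 received, 513153 on link",
    "1 packets dropped after filtering, 2724370 received, 2724369 on link",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(assess(s))
```

Flagged notices can be counted separately per sensor rather than folded into the percentage.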