From tgdesrochers at gmail.com Fri Feb 24 13:25:40 2017
From: tgdesrochers at gmail.com (tgdesrochers)
Date: Fri, 24 Feb 2017 13:25:40 -0500
Subject: [Mailman] [suricata] only recording DNS traffic
Message-ID:

I just installed Suricata 3.2.1 from the yum repo on CentOS 7. I set up af_packet and started Suricata. Suricata works, but it only appears that DNS, Flow, and Stats traffic is being recorded to the eve log. To try and troubleshoot, I hashed out the sections for DNS, Flow, and Stats, and now Suricata is not recording anything to the eve log. I am not sure what I am doing to not get the rest of the network traffic recorded.

This box has Moloch on it sniffing the same interface, and it is recording all the traffic. I ran tcpdump on the eth and it sees all of the traffic. It just appears Suricata is not seeing it. I am not sure where to go from here. Can anyone let me know any steps to try and rectify this?

Thanks
Tim