[Oisf-devel] Latest 2.0dev (rev 68ba9df) + PF_RING (+DNA+libzero) = no HTTP logs

Victor Julien victor at inliniac.net
Tue Sep 24 14:59:27 UTC 2013


On 09/24/2013 04:46 PM, Chris Wakelin wrote:
> On 24/09/13 15:33, Victor Julien wrote:
>> On 09/24/2013 04:30 PM, Chris Wakelin wrote:
>>> Hi,
>>>
>>> I may be doing something wrong, but I've just tried this morning's git
>>> master (rev 68ba9df - i.e. just before the SSL updates - compiled with
>>> my current PF_RING, version 5.6.0) on the student network and it seems
>>> to be failing to log any HTTP (or HTTP alerts). There were some UDP alerts
>>> though.
>>>
> ...
> 
>>> Running Suricata against a pcap is fine, so it does seem to be a PF_RING
>>> issue.
>>
>> One thing I can think of is vlan handling. We recently added vlan
>> tracking for flows. It can be disabled in the yaml:
>>
>> vlan:
>>   use-for-tracking: true
>>
>> It defaults to 'true' if missing.
>>
> 
> You're right, of course. I remember seeing that and thinking I'd better
> remember to turn that off! It seems to be working now.

Good. That option was added just for you, you know :)

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
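
Added example, not part of the original thread and not Suricata's code: a simplified Python model of a flow table, showing how including the VLAN id in the flow key (the `use-for-tracking: true` behaviour discussed above) can split one TCP session into two one-sided flows. It assumes the sensor sees a different VLAN tag in each direction, which the thread does not state; the packets, addresses and function names are constructed.

```python
from collections import defaultdict

# Constructed packets: (src_ip, src_port, dst_ip, dst_port, proto, vlan_id, note)
# Assumption: client-to-server traffic is tagged VLAN 100, replies VLAN 200.
PACKETS = [
    ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 100, "SYN"),
    ("192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 200, "SYN-ACK"),
    ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 100, "ACK"),
    ("10.0.0.5", 40000, "192.0.2.10", 80, "tcp", 100, "HTTP request"),
    ("192.0.2.10", 80, "10.0.0.5", 40000, "tcp", 200, "HTTP response"),
]


def flow_key(pkt, use_vlan_for_tracking):
    """Direction-independent flow key, optionally extended with the VLAN id."""
    src, sport, dst, dport, proto, vlan, _ = pkt
    # Sorting the endpoints makes both directions produce the same base key.
    endpoints = tuple(sorted([(src, sport), (dst, dport)]))
    key = (proto, *endpoints)
    if use_vlan_for_tracking:
        key += (vlan,)
    return key


def track(packets, use_vlan_for_tracking):
    """Return {flow_key: set of sending endpoints seen in that flow}."""
    flows = defaultdict(set)
    for pkt in packets:
        flows[flow_key(pkt, use_vlan_for_tracking)].add((pkt[0], pkt[1]))
    return flows


def bidirectional_flows(packets, use_vlan_for_tracking):
    """Count flows in which both endpoints were seen sending."""
    flows = track(packets, use_vlan_for_tracking)
    return sum(1 for senders in flows.values() if len(senders) == 2)


if __name__ == "__main__":
    for setting in (True, False):
        flows = track(PACKETS, setting)
        print(f"use-for-tracking={setting}: {len(flows)} flow(s), "
              f"{bidirectional_flows(PACKETS, setting)} bidirectional")
```

With the VLAN id in the key, neither flow in this model ever sees both sides of the handshake, so there is no complete session for an HTTP parser to work on; without it the five packets form one flow.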