[Oisf-users] suricata vlan log - onionsecurity is ok, selks ko

john nesh john.nesh76 at gmail.com
Fri Feb 27 08:11:51 UTC 2015


Nope, I think that this is the issue.
What could I share in order to make troubleshooting faster?

2015-02-26 23:37 GMT+01:00 Peter Manev <petermanev at gmail.com>:

> On Thu, Feb 26, 2015 at 10:51 PM, john nesh <john.nesh76 at gmail.com> wrote:
> > It does not seem to work this way either.
> > Is there anything else I could check?
>
> Do you have vlan IDs in eve.json ?
>
> >
> > 2015-02-26 21:53 GMT+01:00 Peter Manev <petermanev at gmail.com>:
> >>
> >> On Thu, Feb 26, 2015 at 9:43 PM, john nesh <john.nesh76 at gmail.com> wrote:
> >> > You are right,
> >> >
> >> > rx-vlan-offload: on
> >> > tx-vlan-offload: on
> >> >
> >> > Do I have to disable it?
> >>
> >> Just run that -
> >> /opt/selks/Scripts/Setup/reconfigure-listening-interface_stamus.sh
> >>
> >>
> >>
> >> >
> >> > 2015-02-26 21:04 GMT+01:00 Peter Manev <petermanev at gmail.com>:
> >> >>
> >> >> On Thu, Feb 26, 2015 at 8:18 PM, john nesh <john.nesh76 at gmail.com>
> >> >> wrote:
> >> >> > Hi,
> >> >> >
> >> >> > I am facing a different behaviour regarding vlans in logs.
> >> >> > I made an installation of securityonion and vlan logging in
> >> >> > eve.json
> >> >> > worked flawlessly, but not in selks.
> >> >> > I have read that vlan behaviour changed in 2.1
> >> >> >
> >> >> > in my suricata.yaml I have:
> >> >> >
> >> >> >  vlan:
> >> >> >    use-for-tracking: true
> >> >> >
> >> >> > But I have no log in eve.json.
> >> >> > Is this an expected behaviour?
> >> >>
> >> >> You might have vlan offloading enabled on your NIC - if that is the
> >> >> case you would need to disable it.
> >> >> (ethtool -k interface - will show the status)
> >> >>
> >> >> >
> >> >> > John
> >> >> >
> >> >>
> >> >>
> >> >>
> >> >> --
> >> >> Regards,
> >> >> Peter Manev
> >> >
> >> >
> >>
> >>
> >>
> >> --
> >> Regards,
> >> Peter Manev
> >
> >
>
>
>
> --
> Regards,
> Peter Manev
>
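
The two checks discussed in this thread (NIC VLAN offload state from `ethtool -k`, and whether VLAN IDs appear in eve.json), as an added example that is not part of the original messages. The sample inputs are constructed, the function names are hypothetical, and the `vlan` field is assumed to be either an integer or a list depending on the Suricata version.

```python
import json
from collections import Counter

# Constructed sample of `ethtool -k <interface>` output (not from the thread).
SAMPLE_ETHTOOL = """\
Features for eth1:
rx-checksumming: on
rx-vlan-offload: on
tx-vlan-offload: on [fixed]
"""

# Constructed eve.json lines; the last one is truncated on purpose.
SAMPLE_EVE = """\
{"timestamp":"2015-02-27T08:00:01.000000","event_type":"http","src_ip":"10.0.0.5","vlan":120}
{"timestamp":"2015-02-27T08:00:02.000000","event_type":"dns","src_ip":"10.0.0.6"}
{"timestamp":"2015-02-27T08:00:03.000000","event_type":"alert","src_ip":"10.0.0.7","vlan":[120,30]}
{"timestamp":"2015-02-27T08:00:04.000000","event_ty
"""

def vlan_offload_state(ethtool_text):
    """Return {'rx-vlan-offload': bool, 'tx-vlan-offload': bool} from ethtool -k text."""
    state = {}
    for line in ethtool_text.splitlines():
        name, sep, value = line.partition(":")
        name = name.strip()
        if sep and name in ("rx-vlan-offload", "tx-vlan-offload"):
            parts = value.split()  # value may carry a trailing "[fixed]" marker
            state[name] = bool(parts) and parts[0] == "on"
    return state

def vlan_summary(eve_lines):
    """Count events per VLAN id, events without a vlan field, and unparsable lines."""
    per_vlan, missing, bad = Counter(), 0, 0
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except ValueError:
            bad += 1  # truncated line, e.g. the file was read while being written
            continue
        vlan = event.get("vlan")
        if vlan is None:
            missing += 1
            continue
        for vid in (vlan if isinstance(vlan, list) else [vlan]):
            per_vlan[vid] += 1
    return dict(per_vlan), missing, bad

if __name__ == "__main__":
    print(vlan_offload_state(SAMPLE_ETHTOOL))
    print(vlan_summary(SAMPLE_EVE.splitlines()))
```

A result where every event falls into the "missing" count while offload is reported as on matches the situation described in the thread.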