<html><body><div style="color:#000; background-color:#fff; font-family:arial, helvetica, sans-serif;font-size:13px"><div id="yui_3_16_0_1_1444257154708_9208"><span>Hi Peter/Victor,</span></div><div id="yui_3_16_0_1_1444257154708_9208"><span><br></span></div><div id="yui_3_16_0_1_1444257154708_9208"><span>Can you please help me with this issue?</span></div><div id="yui_3_16_0_1_1444257154708_9208"><span>Do you support 10G Mellanox card??</span></div><div id="yui_3_16_0_1_1444257154708_9208"><span><br></span></div><div id="yui_3_16_0_1_1444257154708_9208"><span>Thanks, Khushal</span></div><br> <div style="font-family: arial, helvetica, sans-serif; font-size: 13px;" id="yui_3_16_0_1_1444257154708_9212"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif; font-size: 16px;" id="yui_3_16_0_1_1444257154708_9211"> <div dir="ltr" id="yui_3_16_0_1_1444257154708_9210"> <hr size="1" id="yui_3_16_0_1_1444257154708_9209"> <font size="2" face="Arial" id="yui_3_16_0_1_1444257154708_9213"> <b id="yui_3_16_0_1_1444257154708_9215"><span style="font-weight:bold;" id="yui_3_16_0_1_1444257154708_9214">From:</span></b> khushal kaviraj &lt;khushal08@yahoo.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> "oisf-users@lists.openinfosecfoundation.org" &lt;oisf-users@lists.openinfosecfoundation.org&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Friday, 2 October 2015 7:46 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Suricata : http.log is empty<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1444257154708_9247"><br><div id="yiv9530473680"><div id="yui_3_16_0_1_1444257154708_9246"><div style="color:#000;background-color:#fff;font-family:arial, helvetica, sans-serif;font-size:13px;" id="yui_3_16_0_1_1444257154708_9245"><div id="yiv9530473680yui_3_16_0_1_1443735035968_5209">Sending again as the first mail was a bit obfuscated due to formatting issues.</div><div 
id="yiv9530473680yui_3_16_0_1_1443735035968_5214" style="font-family:arial, helvetica, sans-serif;font-size:13px;"><div id="yiv9530473680yui_3_16_0_1_1443735035968_5213" style="font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, Sans-Serif;font-size:16px;"><div dir="ltr" id="yiv9530473680yui_3_16_0_1_1443735035968_5212"> </div> <div class="yiv9530473680y_msg_container" id="yiv9530473680yui_3_16_0_1_1443735035968_5302"><br clear="none"><div id="yiv9530473680"><div id="yiv9530473680yui_3_16_0_1_1443735035968_5304"><div id="yiv9530473680yui_3_16_0_1_1443735035968_5303" style="color:#000;background-color:#fff;font-family:arial, helvetica, sans-serif;font-size:13px;"><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4287"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4326" face="Times" style="font-size:14px;">Hi Victor,</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4328" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4330" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4332"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4334" style="font-family:Helvetica;font-size:12px;"><span id="yiv9530473680yui_3_16_0_1_1443713322019_4789" style="font-size:14px;font-family:Times;">I am using Suricata(and ELK) to capture and analyze network packets. 
</span><br clear="none"></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4342" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4344" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4346"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4348" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4350" face="Times" style="font-size:14px;">I am facing an issue with HTTP packet capture. My http.log (and eve.json) is empty. I have verified with a Wireshark capture that HTTP packets can be seen from the host. It’s just that Suricata is not able to populate http.log.</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4352" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4354" face="Times" style="font-size:14px;">I was wondering if you could give me some valuable input to troubleshoot this issue?</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4356" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4358" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4360"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4362" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4364" face="Times" style="font-size:14px;">Physical setup </font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4362" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" face="Times" style="font-size:14px;"><br 
clear="none"></font></div><div class="yiv9530473680" dir="ltr" id="yiv9530473680yui_3_16_0_1_1443713322019_4366" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4368" face="Times" style="font-size:14px;">1. Packets are duplicated and sent to the Ubuntu server with Suricata. A splitter, which sits between the border router and ISP (similar to SPAN), sends the duplicate traffic to our IDS server.</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4370" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" face="Times" style="font-size:14px;"><br clear="none"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4370" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4372" face="Times" style="font-size:14px;">2. We are using a <a rel="nofollow" shape="rect" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4374" target="_blank" href="http://web/~doc/progs/MoinMoin/wiki-moinmoin/moin.cgi/SuperMicro" style="text-decoration:none;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4376" style="color:rgb(17, 85, 204);vertical-align:baseline;white-space:pre-wrap;">SuperMicro</span></a><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4378" style="vertical-align:baseline;white-space:pre-wrap;"> Xenon A+ 1042G-TF Server. 
A 10G FC port (eth2) is used for packet capture.</span></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4380" style="font-family:Helvetica;font-size:12px;"><span class="yiv9530473680" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font class="yiv9530473680" face="Times"><br clear="none"></font></span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4380" style="font-family:Helvetica;font-size:12px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4382" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4384" face="Times">3. All offloading is disabled, as follows: </font></span></div><div class="qtdSeparateBR"><br><br></div><div class="yiv9530473680yqt7038563615" id="yiv9530473680yqtfd11062"><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4380" style="font-family:Helvetica;font-size:12px;"><span class="yiv9530473680" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font class="yiv9530473680" face="Times"><br clear="none"></font></span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4386" style="font-family:Helvetica;font-size:12px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4388" style="vertical-align:baseline;white-space:pre-wrap;font-size:14px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4390" face="Times"></font></span><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4392" style="margin:0px;">khushal@hermes:/var/log/suricata$ sudo ethtool -k eth2</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4394" style="margin:0px;">Features for eth2</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4396" style="margin:0px;">rx-checksumming off</div><div class="yiv9530473680" 
id="yiv9530473680yui_3_16_0_1_1443713322019_4398" style="margin:0px;">tx-checksumming off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4400" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4402" style="white-space:pre-wrap;"> </span>tx-checksum-ipv4 off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4404" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4406" style="white-space:pre-wrap;"> </span>tx-checksum-ip-generic off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4408" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4410" style="white-space:pre-wrap;"> </span>tx-checksum-ipv6 off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4412" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4414" style="white-space:pre-wrap;"> </span>tx-checksum-fcoe-crc off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4416" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4418" style="white-space:pre-wrap;"> </span>tx-checksum-sctp off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4420" style="margin:0px;">scatter-gather off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4422" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4424" style="white-space:pre-wrap;"> </span>tx-scatter-gather off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4426" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4428" style="white-space:pre-wrap;"> </span>tx-scatter-gather-fraglist off [fixed]</div><div class="yiv9530473680" 
id="yiv9530473680yui_3_16_0_1_1443713322019_4430" style="margin:0px;">tcp-segmentation-offload off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4432" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4434" style="white-space:pre-wrap;"> </span>tx-tcp-segmentation off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4436" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4438" style="white-space:pre-wrap;"> </span>tx-tcp-ecn-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4440" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4442" style="white-space:pre-wrap;"> </span>tx-tcp6-segmentation off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4444" style="margin:0px;">udp-fragmentation-offload off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4446" style="margin:0px;">generic-segmentation-offload off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4448" style="margin:0px;">generic-receive-offload off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4450" style="margin:0px;">large-receive-offload off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4452" style="margin:0px;">rx-vlan-offload on [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4454" style="margin:0px;">tx-vlan-offload on [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4456" style="margin:0px;">ntuple-filters off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4458" style="margin:0px;">receive-hashing off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4460" style="margin:0px;">highdma: 
on [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4462" style="margin:0px;">rx-vlan-filter: on [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4464" style="margin:0px;">vlan-challenged off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4466" style="margin:0px;">tx-lockless off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4468" style="margin:0px;">netns-local off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4470" style="margin:0px;">tx-gso-robust off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4472" style="margin:0px;">tx-fcoe-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4474" style="margin:0px;">tx-gre-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4476" style="margin:0px;">tx-ipip-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4478" style="margin:0px;">tx-sit-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4480" style="margin:0px;">tx-udp_tnl-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4482" style="margin:0px;">tx-mpls-segmentation off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4484" style="margin:0px;">fcoe-mtu off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4486" style="margin:0px;">tx-nocache-copy on</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4488" style="margin:0px;">loopback off</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4490" style="margin:0px;">rx-fcs off [fixed]</div><div class="yiv9530473680" 
id="yiv9530473680yui_3_16_0_1_1443713322019_4492" style="margin:0px;">rx-all off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4494" style="margin:0px;">tx-vlan-stag-hw-insert off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4496" style="margin:0px;">rx-vlan-stag-hw-parse off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4498" style="margin:0px;">rx-vlan-stag-filter off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4500" style="margin:0px;">l2-fwd-offload off [fixed]</div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4502" style="margin:0px;">khushal@hermes /var/log/suricata$ </div></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4504" style="font-family:Helvetica;font-size:12px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4506" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4508"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4510" style="font-family:Helvetica;font-size:12px;"><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4512"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4514" face="Times" style="font-size:14px;">Currently, I am facing an issue with HTTP packet capture on eth2(FC Port).</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4512"><font class="yiv9530473680" face="Times" style="font-size:14px;"><br clear="none"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4516"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4518" face="Times" style="font-size:14px;">Following are the details of this port </font></div><div class="yiv9530473680" 
id="yiv9530473680yui_3_16_0_1_1443713322019_4520"><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4522" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4524" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4526" style="font-size:14px;"> description: Ethernet interface</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4528" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4530" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4532" style="font-size:14px;"> product: MT27500 Family [ConnectX-3]</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4534" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4536" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4538" style="font-size:14px;"> vendor: Mellanox Technologies</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4540" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4542" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4544" style="font-size:14px;"> physical id: 0</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4546" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4548" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4550" style="font-size:14px;"> bus info: pci@0000:03:00.0</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4552" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4554" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4556" style="font-size:14px;"> 
logical name: eth2</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4558" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4560" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4562" style="font-size:14px;"> version: 00</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4564" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4566" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4568" style="font-size:14px;"> serial: 00:02:c9:23:12:00</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4570" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4572" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4574" style="font-size:14px;"> width: 64 bits</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4576" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4578" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4580" style="font-size:14px;"> clock: 33MHz</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4582" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4584" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4586" style="font-size:14px;"> capabilities: pm vpd msix pciexpress bus_master cap_list rom ethernet physical fibre</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4588" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4590" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4592" style="font-size:14px;"> 
configuration: autonegotiation=off broadcast=yes driver=mlx4_en driverversion=2.2-1 (Feb 2014) duplex=full firmware=2.11.500 latency=0 link=yes multicast=yes port=fibre</i></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4594" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4596" face="Times"><i class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4598" style="font-size:14px;"> resources: irq:24 memory:dff00000-dfffffff memory:dd800000-ddffffff memory:dfe00000-dfefffff</i></font></div></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4600" style="margin:0px;"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4602" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4604"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4606"><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4608"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4610" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4612"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4614"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4616" face="Times" style="font-size:14px;">Basically eth2(FC port) is not able to capture HTTP packets. It can capture all types of packets except for http and the http log is empty. 
</font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4618"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4620" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4622"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4624"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4626" face="Times" style="font-size:14px;">I was also facing the same issue on eth0 (1G copper port). After disabling offloading on eth0, it started capturing HTTP packets. However, disabling offloading on eth2 does not help. </font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4628"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4630" face="Times" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4632"></font></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4634"><font class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4636" face="Times"></font><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4638" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4640" style="font-size:14px;">Suricata version:</span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4642" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4644" style="font-size:14px;">This is Suricata version 2.0.8 RELEASE</span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4646" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4648" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4650"></span></div><div class="yiv9530473680" 
id="yiv9530473680yui_3_16_0_1_1443713322019_4652" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4654" style="font-size:14px;">Please find suricata.yaml attached.</span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4656" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4658" style="font-size:14px;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4660"></span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4662" style="margin:0px;"><span class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4664" style="font-size:14px;">Thanks, Khushal</span></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4666" style="margin:0px;font-size:11px;font-family:Menlo;"><br clear="none" class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4668"></div><div class="yiv9530473680" id="yiv9530473680yui_3_16_0_1_1443713322019_4670" style="margin:0px;font-size:11px;font-family:Menlo;"></div></div></div></div><div class="yiv9530473680" dir="ltr" title="suricata.yaml" style="font-family:Helvetica;font-size:12px;" title-off=""></div></div></div></div></div><div class="yiv9530473680yqt7038563615" id="yiv9530473680yqtfd29229"><br clear="none"><br clear="none"></div></div><div class="yiv9530473680yqt7038563615" id="yiv9530473680yqtfd30335"> </div></div><div class="yiv9530473680yqt7038563615" id="yiv9530473680yqtfd59514"> </div></div><div class="yiv9530473680yqt7038563615" id="yiv9530473680yqtfd72255"> </div></div></div></div><br><br></div> </div> </div> </div></body></html>