<p dir="ltr">Shouldn't suricata logging (suricata.log if enabled, and not sure of what verbose level is needed) indicate what acquisition method is used?</p>
<br><div class="gmail_quote"><div dir="ltr">On Wed, 16 Nov 2016, 19:45, erik clark &lt;<a href="mailto:philosnef@gmail.com">philosnef@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg">Ok, so I can't tell if either pfring or afpacket is actually being used by suricata. Previous versions of suricata had AFPacket in the stats.log indicating one or the other is loaded. Now, all it says is:<div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">(stat) | W#12-em3 | (value)</div><div class="gmail_msg"><br class="gmail_msg"></div><div class="gmail_msg">How can I tell that either afpacket or pfring is _actually_ being used as expected, when nothing in the stats.log file indicates that this is the case? Thanks!</div><div class="gmail_msg"><br class="gmail_msg"></div></div>
_______________________________________________<br class="gmail_msg">
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org" class="gmail_msg" target="_blank">oisf-users@openinfosecfoundation.org</a><br class="gmail_msg">
Site: <a href="http://suricata-ids.org" rel="noreferrer" class="gmail_msg" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" class="gmail_msg" target="_blank">http://suricata-ids.org/support/</a><br class="gmail_msg">
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" class="gmail_msg" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br class="gmail_msg">
Suricata User Conference November 9-11 in Washington, DC: <a href="http://suricon.net" rel="noreferrer" class="gmail_msg" target="_blank">http://suricon.net</a></blockquote></div>