<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">ethtool -S &lt;your interface name&gt;<div><br></div><div>Go ahead and enable the stats.log - either in the form of a text file or JSON, up to you.</div><div><br></div><div><a href="https://suricata.readthedocs.io/en/suricata-4.0.5/performance/statistics.html">https://suricata.readthedocs.io/en/suricata-4.0.5/performance/statistics.html</a><br></div><div><a href="https://suricata.readthedocs.io/en/suricata-4.0.5/output/eve/eve-json-output.html">https://suricata.readthedocs.io/en/suricata-4.0.5/output/eve/eve-json-output.html</a><br></div><div><a href="https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Statistics">https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Statistics</a><br></div><div><br></div><div>Then save these logs around events when the traffic suddenly disappears and we will go from there.</div><div><br></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, Nov 6, 2018 at 10:00 AM James Moe &lt;<a href="mailto:jimoe@sohnen-moe.com">jimoe@sohnen-moe.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 11/5/18 9:20 PM, Michał Purzyński wrote:<br>
<br>
> I find your lack of manners disturbing.<br>
><br>
  ?? The Subject is offensive? ("Release him")<br>
> Had everything been working before?<br>
><br>
  Yes.<br>
  No changes were made to the system at the time the logs went dormant.<br>
<br>
> When did it stop working?<br>
><br>
  1-Nov-2018.<br>
  And, today, all of the logs are active once again.<br>
<br>
> Have you made any changes to your Suricata sensor in the meantime?<br>
> <br>
  No.<br>
<br>
> Can you still see traffic?<br>
><br>
  Yes. Aside from the lack of some logging, it continues to function<br>
normally.<br>
<br>
> Please verify with ethtool -S<br>
><br>
$ ethtool -S<br>
ethtool: bad command line argument(s)<br>
<br>
-- <br>
James Moe<br>
moe dot james at sohnen-moe dot com<br>
520.743.3936<br>
Think.<br>
<br>
</blockquote></div>
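<div>Added example, not part of the original thread and not Suricata project code: one way to review the saved EVE JSON stats records around the time the logs went quiet, flagging intervals where the capture counters stop advancing, kernel drops spike, or the uptime counter resets. The field names follow Suricata's eve.json stats records for a kernel capture method; the sample lines, the function names and the 5% drop threshold are constructed assumptions.</div>

```python
import json

# Constructed sample of eve.json lines; stats counters are cumulative since start.
SAMPLE_EVE = [
    '{"timestamp":"2018-11-01T10:00:00","event_type":"stats","stats":{"uptime":600,"capture":{"kernel_packets":100000,"kernel_drops":10}}}',
    '{"timestamp":"2018-11-01T10:00:03","event_type":"alert","src_ip":"192.0.2.1"}',
    '{"timestamp":"2018-11-01T10:00:08","event_type":"stats","stats":{"uptime":608,"capture":{"kernel_packets":104000,"kernel_drops":10}}}',
    '{"timestamp":"2018-11-01T10:00:16","event_type":"stats","stats":{"uptime":616,"capture":{"kernel_packets":104000,"kernel_drops":10}}}',
    '{"timestamp":"2018-11-01T10:00:24","event_type":"stats","stats":{"uptime":624,"capture":{"kernel_packets":109000,"kernel_drops":2010}}}',
    '{"timestamp":"2018-11-01T10:00:32","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":3000,"kernel_drops":0}}}',
    '{"timestamp":"2018-11-01T10:00:40","event_type":"sta',
]

def read_stats(lines):
    """Yield (timestamp, uptime, kernel_packets, kernel_drops) per stats event."""
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line, e.g. file copied mid-write
        if ev.get("event_type") != "stats":
            continue  # alerts, flows and other records are not counters
        cap = ev["stats"].get("capture", {})
        yield (ev["timestamp"], ev["stats"].get("uptime", 0),
               cap.get("kernel_packets", 0), cap.get("kernel_drops", 0))

def find_anomalies(lines, max_drop_ratio=0.05):
    """Return [(timestamp, reason)] for intervals that need a closer look."""
    findings, prev = [], None
    for ts, uptime, pkts, drops in read_stats(lines):
        if prev is not None:
            d_pkts, d_drops = pkts - prev[2], drops - prev[3]
            if uptime < prev[1]:
                findings.append((ts, "restart"))     # counters were reset
            elif d_pkts == 0:
                findings.append((ts, "no-packets"))  # capture saw nothing new
            elif d_drops / d_pkts > max_drop_ratio:
                findings.append((ts, "drops"))       # kernel dropping packets
        prev = (ts, uptime, pkts, drops)
    return findings

if __name__ == "__main__":
    for ts, reason in find_anomalies(SAMPLE_EVE):
        print(ts, reason)
```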