[Oisf-devel] Latest 2.0dev (rev 68ba9df) + PF_RING (+DNA+libzero) = no HTTP logs
Chris Wakelin
c.d.wakelin at reading.ac.uk
Tue Sep 24 14:46:34 UTC 2013
On 24/09/13 15:33, Victor Julien wrote:
> On 09/24/2013 04:30 PM, Chris Wakelin wrote:
>> Hi,
>>
>> I may be doing something wrong, but I've just tried this morning's git
>> master (rev 68ba9df - i.e. just before the SSL updates - compiled with
>> my current PF_RING, version 5.6.0) on the student network and it seems
>> to be failing to log any HTTP (or HTTP alerts). There were some UDP alerts
>> though.
>>
...
>> Running Suricata against a pcap is fine, so it does seem to be a PF_RING
>> issue.
>
> One thing I can think of is vlan handling. We recently added vlan
> tracking for flows. It can be disabled in the yaml:
>
> vlan:
>   use-for-tracking: true
>
> It defaults to 'true' if missing.
>
You're right, of course. I remember seeing that and thinking I'd better
remember to turn that off! It seems to be working now.
So a University of Reading + Extreme Networks switch issue (VLAN-tagging
only one direction on a port mirror), not a PF_RING one :-)
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK Fax: +44 (0)118 975 3094
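
The effect discussed in this thread, as an added example that is not part of the original messages and is not Suricata's code: a simplified flow tracker whose key optionally includes the VLAN id, run over constructed packets in which only one direction of a TCP session is tagged. The packet tuples, addresses, VLAN ids and function names are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (vlan_id or None, src_ip, src_port, dst_ip, dst_port, proto)
# Client->server packets arrive tagged with VLAN 100; replies arrive untagged,
# as on a port mirror that tags only one direction.
PACKETS = [
    (100, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp"),   # SYN
    (None, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp"),  # SYN/ACK
    (100, "10.0.0.5", 40000, "192.0.2.10", 80, "tcp"),   # ACK + GET
    (None, "192.0.2.10", 80, "10.0.0.5", 40000, "tcp"),  # HTTP response
    (200, "10.0.1.7", 53000, "192.0.2.53", 53, "udp"),   # DNS query
    (200, "192.0.2.53", 53, "10.0.1.7", 53000, "udp"),   # DNS reply, same tag
]

def flow_key(pkt, use_vlan):
    """Direction-independent flow key; optionally includes the VLAN id."""
    vlan, sip, sport, dip, dport, proto = pkt
    a, b = sorted([(sip, sport), (dip, dport)])
    return (proto, a, b, vlan if use_vlan else None)

def track(packets, use_vlan):
    """Return {flow_key: set of sending endpoints seen on that flow}."""
    flows = defaultdict(set)
    for pkt in packets:
        flows[flow_key(pkt, use_vlan)].add((pkt[1], pkt[2]))
    return dict(flows)

def one_sided_flows(packets, use_vlan):
    """Flows on which only one endpoint was ever seen sending."""
    return [k for k, d in track(packets, use_vlan).items() if len(d) == 1]

def asymmetric_vlan_flows(packets):
    """5-tuple flows whose two directions carry different VLAN ids."""
    per_dir = defaultdict(lambda: defaultdict(set))
    for pkt in packets:
        per_dir[flow_key(pkt, False)][(pkt[1], pkt[2])].add(pkt[0])
    return [k for k, d in per_dir.items()
            if len(d) == 2 and len({frozenset(v) for v in d.values()}) == 2]

if __name__ == "__main__":
    print("one-sided with vlan in key:", one_sided_flows(PACKETS, True))
    print("one-sided without vlan:    ", one_sided_flows(PACKETS, False))
    print("asymmetric tagging on:     ", asymmetric_vlan_flows(PACKETS))
```

With the VLAN id in the key, the TCP session splits into two one-directional flows while the symmetrically tagged UDP exchange stays whole; `asymmetric_vlan_flows` is the check to run over a capture from the mirror port before changing `use-for-tracking`.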