[Oisf-users] Suricata parsers

Tue Nov 8 12:57:52 UTC 2011

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all

On 07/11/2011 17:59, Peter Manev wrote:
> Hi, This could very well be the reason. Are there any VLANs
> involved where the interface where Suricata listens to is not part
> of those VLANs/VLAN ?

Suricata is on a port carrying an RSPAN of traffic from elsewhere in
the network.

- From stats.log:

decoder.vlan              | Decode & Stream           | 0

which I presume means that Suricata itself isn't actually decoding
VLAN packets in the stream.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOuSdQAAoJELhVoVpEMS6R/JkIAJHu9i8vEgLt3GULWCVvyoPb
XBqK5gqvZ/2oiWULxU5oCEk98yrGUSFpwJGXiYxAtSz8G1Im4nXhJnkzrK+eCsrb
OZPFmL1jvpvOm9MtNKRE/j9mS4Lj+/D7pT4nKT4fxo/yx77GlFICw10EynmtFF4g
FwWXZhTOLh/1P+PNbuQiySjTtDMqCHZQk8P+sfLDAB/V5WveUgjxENF3U307MVxg
1dK6X0uGfbXRD/+eaysW9wpnnFfJ87y6Nk5vDsldmt4G1dTfQ4fVIpO+gS/w7mWO
C0GfOG5AScRhDVgYSp9hxOVS5CQ8nB6m4R6SNIHfe1ymuDcYqcp9zzcLcN8w5vQ=
=60Gq
-----END PGP SIGNATURE-----