[Oisf-users] What does it means??
C. L. Martinez
carlopmart at gmail.com
Wed Oct 9 13:55:05 UTC 2013
On Wed, Oct 9, 2013 at 1:49 PM, Peter Manev <petermanev at gmail.com> wrote:
>>>>
>>>> Nop, offloading is disbled:
>>>>
>>>> em4: flags=48943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,MONITOR>
>>>> metric 0 mtu 1514
>>>> options=20d8<VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,WOL_MAGIC>
>>>> ether 52:54:00:44:f9:ee
>>>> inet6 fe80::5054:ff:fe44:f9ee%em4 prefixlen 64 scopeid 0x5
>>>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>> media: Ethernet autoselect (1000baseT <full-duplex>)
>>>> status: active
>>>>
>>>>
>>>>> Do you have TCP checksums enabled in yaml?
>>>>
>>>> Nop, as you suggested some time ago :).
>>>
>>> aha :)
>>> So (if I remember correctly) - some time ago we managed to fix this
>>> issue with the drops. So what happened in between :) ?
>>>
>>
>> This is a different host monitoring different network, and with
>> different problems :)) ... Previous installation goes well after some
>> tunning in SPAN port configuration .... But I use this previous
>> suricata.yaml config as base for this installation ...
>
> And does this installation need some tuning in SPAN port
> configuration a well ? or you are past that stage?
>
No, it doesn't. In this installation I use an OpenBSD host to redirect
all traffic to this suricata sensor ..
More information about the Oisf-users
mailing list