[Oisf-users] Curious problem

Peter Manev petermanev at gmail.com
Thu Apr 10 10:15:34 UTC 2014


On Thu, Apr 10, 2014 at 12:01 PM, Travel Factory S.r.l.
<mc8647 at mclink.it> wrote:
>
> As you know I'm doing experiments with suricata 2.
>
> A couple of days ago I enabled all the rules I need and every morning I
> found suricata only logging UDP packets in eve.json. No TCP traffic is
> logged.
>
> Here are 2 consecutive stats, just to see that there are dropped TCP packets:
> http://pastebin.com/qMdhmfZg
>
> I also saw that suricata reached 34.2 GB and since I only have 32, swap was
> in use....
>
> After restarting suricata, everything is logged.
>
> I just wanted to let you know...
>
> PS: of course I have to lower some memory settings and then check why memory
> increases.


Hi,

Can you reproduce that repeatedly every time?
Can you find out at approximately what time it stops logging TCP
traffic? How long after start? Does it stop logging TCP at about the
same time?

How much traffic are you monitoring?
What are your memcaps in suricata.yaml?

thank you


-- 
Regards,
Peter Manev


