[Oisf-users] Curious problem

Anoop Saldanha anoopsaldanha at gmail.com
Thu Apr 10 13:24:48 UTC 2014


On Thu, Apr 10, 2014 at 3:45 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Thu, Apr 10, 2014 at 12:01 PM, Travel Factory S.r.l.
> <mc8647 at mclink.it> wrote:
>>
>> As you know I'm doing experiments with suricata 2.
>>
>> A couple of days ago I enabled all the rules I need and every morning I
>> found suricata only logging UDP packets in eve.json. No TCP traffic is
>> logged.
>>
>> Here are 2 consecutive stats, just to see that there are dropped tcp:
>> http://pastebin.com/qMdhmfZg
>>
>> I also saw that suricata reached 34.2 GB and since I only have 32, swap was
>> in use....
>>
>> After restarting suricata, everything is logged.
>>
>> I just wanted to let you know...
>>
>> PS: of course I have to lower some memory settings and then check why memory
>> increases.
>
> Hi,
>
> Can you reproduce that repeatedly every time?
> Can you find out at approximately what time it stops logging tcp
> traffic? How long after start? Does it stop logging tcp at about the
> same time?
>
> How much traffic are you monitoring?
> What are your memcaps in suricata.yaml?
>
> thank you
>
>

Any chance you had scheduled a rule reload or carried out one?

-- 
-------------------------------
Anoop Saldanha
http://www.poona.me
-------------------------------
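The thread describes two observable symptoms: eve.json still carrying UDP records while TCP records have vanished, and the process footprint (34.2 GB) exceeding the 32 GB of physical RAM, with the follow-up question being what memcaps are set in suricata.yaml. Below is an added example, not code from the thread or from the Suricata project, of the two checks a sensor operator would want to run before the next morning: a per-protocol count over a window of eve.json lines to detect the "only UDP is logged" condition, and a sanity check that the sum of the configured memcaps fits in RAM. The eve.json records are constructed samples, and the memcap dictionary passed in is illustrative (the key names follow the suricata.yaml layout, but the values are made up for the demonstration).

```python
import json
from collections import Counter

# Constructed eve.json samples (NOT the poster's data). The healthy window
# mixes TCP and UDP records; the degraded window only has UDP records plus a
# truncated last line, which is normal while Suricata is still writing.
HEALTHY_WINDOW = "\n".join(json.dumps(r) for r in [
    {"timestamp": "2014-04-10T07:00:01.000000+0000", "event_type": "flow", "proto": "TCP"},
    {"timestamp": "2014-04-10T07:00:02.000000+0000", "event_type": "alert", "proto": "TCP"},
    {"timestamp": "2014-04-10T07:00:03.000000+0000", "event_type": "dns", "proto": "UDP"},
    {"timestamp": "2014-04-10T07:00:04.000000+0000", "event_type": "flow", "proto": "UDP"},
])

DEGRADED_WINDOW = "\n".join(json.dumps(r) for r in [
    {"timestamp": "2014-04-10T08:00:01.000000+0000", "event_type": "dns", "proto": "UDP"},
    {"timestamp": "2014-04-10T08:00:02.000000+0000", "event_type": "flow", "proto": "UDP"},
    {"timestamp": "2014-04-10T08:00:03.000000+0000", "event_type": "alert", "proto": "UDP"},
]) + '\n{"timestamp": "2014-04-10T08:00:04'   # partially written line


def events_by_proto(eve_text):
    """Count eve.json records per transport protocol.

    Malformed lines are counted separately rather than aborting the check,
    because the tail of a live eve.json is frequently an incomplete record.
    """
    counts = Counter()
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except ValueError:
            counts["malformed"] += 1
            continue
        proto = rec.get("proto")
        if proto:
            counts[proto.upper()] += 1
    return counts


def tcp_logging_stalled(eve_text, min_udp=1):
    """True when the window contains UDP records but no TCP records at all,
    i.e. the symptom from the thread. min_udp prevents an empty window (no
    traffic seen in the interval) from being reported as a stall."""
    counts = events_by_proto(eve_text)
    return counts["UDP"] >= min_udp and counts["TCP"] == 0


# Suricata memcap values use binary suffixes (kb/mb/gb, 1024-based).
UNITS = {"": 1, "b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3}


def parse_size(value):
    """Convert a suricata.yaml size string such as '512mb' or '1gb' to bytes."""
    s = str(value).strip().lower()
    digits = s.rstrip("kmgb")
    unit = s[len(digits):]
    if unit not in UNITS:
        raise ValueError("unknown size unit in %r" % value)
    return int(digits) * UNITS[unit]


def memcap_total(memcaps):
    """Sum a mapping of memcap setting -> size string into bytes."""
    return sum(parse_size(v) for v in memcaps.values())


def memcaps_exceed_ram(memcaps, ram_bytes):
    """True when the configured memcaps alone could exceed physical RAM.

    This is only a lower bound on peak usage: the detection engine, rule
    sets and packet pools are not covered by memcaps, so a total that is
    merely close to RAM is already a warning sign.
    """
    return memcap_total(memcaps) > ram_bytes


if __name__ == "__main__":
    print("healthy window:", dict(events_by_proto(HEALTHY_WINDOW)))
    print("degraded window:", dict(events_by_proto(DEGRADED_WINDOW)),
          "stalled:", tcp_logging_stalled(DEGRADED_WINDOW))
    # Illustrative memcaps (made-up values, not the poster's configuration).
    example_memcaps = {
        "flow.memcap": "1gb",
        "stream.memcap": "4gb",
        "stream.reassembly.memcap": "30gb",
        "defrag.memcap": "512mb",
    }
    print("memcaps exceed 32 GB:",
          memcaps_exceed_ram(example_memcaps, 32 * 1024 ** 3))
```

Running the stall check against a fresh window of eve.json every few minutes (for example, the records written since the last check) gives an alert long before someone notices the next morning that only UDP is present; the memcap check is a one-off review of suricata.yaml that answers the "what are your memcaps" question before the box starts swapping.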


