[Oisf-users] Suricata not detecting app-layers
Victor Julien
lists at inliniac.net
Tue Dec 23 15:46:27 UTC 2014
(please keep the conversation on the list)

On 12/23/2014 03:24 PM, Joris Roefs l Onsight Solutions BV wrote:
> Hi Victor,
>
>> Do you have VLAN traffic by any chance? If so, this yaml setting may help:
>>
>> vlan:
>>   use-for-tracking: false
>
> Thanks.
> We don't use VLANs on this side of the network.
> Tried it anyway - no luck.

Can you share a section of your 'stats.log'?

Can you record a part of the traffic and inspect it with tcpdump or
wireshark to see if the span port really sends you all the packets?

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------