[Oisf-users] file extraction didn't work on Ubuntu 12.04/Suri-2.0

Shawn citypw at gmail.com
Sat Mar 29 18:15:11 UTC 2014


hey Peter,

On Sat, Mar 29, 2014 at 9:48 PM, Peter Manev <petermanev at gmail.com> wrote:
> On Sat, Mar 29, 2014 at 8:44 AM, Shawn <citypw at gmail.com> wrote:
>> hey guys,
>>
>> I followed this
>> article: http://blog.inliniac.net/2011/11/29/file-extraction-in-suricata/
>>
>> and tried to set up Suricata to test the interesting file extraction
>> feature. But it seems it didn't work. Could you please review my
>> config file and rules? I really have no idea where it could possibly be
>> wrong.
>>
>> Thanks!
>
> Did you follow these?
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
>
yes

> Also
> ethtool -k ethXXX
> everything should be OFF.
>
This is my NIC info:
Offload parameters for eth0:
rx-checksumming: off
tx-checksumming: off
scatter-gather: off
tcp-segmentation-offload: off
udp-fragmentation-offload: off
generic-segmentation-offload: off
generic-receive-offload: off
large-receive-offload: off
rx-vlan-offload: off
tx-vlan-offload: off
ntuple-filters: off
receive-hashing: off

I saw some "warnings" at startup:
30/3/2014 -- 02:13:22 - <Notice> - This is Suricata version 2.0 RELEASE
30/3/2014 -- 02:13:27 - <Warning> - [ERRCODE:
SC_ERR_NOT_SUPPORTED(225)] - Eve-log support not compiled in.
Reconfigure/recompile with libjansson and its development files
installed to add eve-log support.
30/3/2014 -- 02:13:27 - <Notice> - all 13 packet processing threads, 3
management threads initialized, engine started.

Does it mean anything?

> Please let us know how it goes.
>
Thanks for your quick reply!

>
>>
>> --
>> GNU powered it...
>> GPL protect it...
>> God blessing it...
>>
>> regards
>> Shawn
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>
>
>
> --
> Regards,
> Peter Manev



-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: suricata.yaml
Type: application/x-yaml
Size: 49244 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140330/0d01f7d0/attachment-0002.bin>
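The ethtool check Peter mentions, as an added example that is not part of this thread or of the Suricata project: a POSIX shell script that scans `ethtool -k` output for offload features still switched on and prints the `ethtool -K` commands that would turn them off. The sample `ethtool -k eth0` output is constructed; the eth0 interface name is assumed.

```shell
# Added example, not code from the thread: scan `ethtool -k <iface>` output for
# offload features still on and print the `ethtool -K` commands to turn them off.
# Suricata's stream reassembly (and so file extraction) wants them all off.
# Constructed sample of `ethtool -k eth0` output: two features are still on and one
# is marked [fixed], meaning the driver does not allow changing it.
SAMPLE_ETHTOOL_OUTPUT='Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: off
scatter-gather: off
tcp-segmentation-offload: off
generic-receive-offload: on
large-receive-offload: off [fixed]'
# Map the long names ethtool -k prints to the short names ethtool -K accepts.
short_name() {
    case "$1" in
        rx-checksumming) echo rx ;;
        tx-checksumming) echo tx ;;
        scatter-gather) echo sg ;;
        tcp-segmentation-offload) echo tso ;;
        udp-fragmentation-offload) echo ufo ;;
        generic-segmentation-offload) echo gso ;;
        generic-receive-offload) echo gro ;;
        large-receive-offload) echo lro ;;
        rx-vlan-offload) echo rxvlan ;;
        tx-vlan-offload) echo txvlan ;;
        ntuple-filters) echo ntuple ;;
        receive-hashing) echo rxhash ;;
        *) echo "$1" ;;   # unknown name: pass it through unchanged
    esac
}

# Read ethtool -k text on stdin; print each changeable feature that is on.
enabled_offloads() {
    while IFS= read -r line; do
        case "$line" in
            *'[fixed]'*) continue ;;                 # driver-fixed, skip it
            *': on'*) printf '%s\n' "${line%%:*}" ;;
        esac
    done
}

# Read ethtool -k text on stdin; print (do not run) the ethtool -K commands that
# would disable each enabled feature on interface $1, so they can be reviewed first.
fix_commands() {
    enabled_offloads | while IFS= read -r feature; do
        printf 'ethtool -K %s %s off\n' "$1" "$(short_name "$feature")"
    done
}
printf '%s\n' "$SAMPLE_ETHTOOL_OUTPUT" | fix_commands eth0
```

On a live host, replace the sample with `ethtool -k eth0 | fix_commands eth0` and run the printed commands as root once they look right.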