[Oisf-users] suricata vlan log - onionsecurity is ok, selks ko

Peter Manev petermanev at gmail.com
Thu Feb 26 20:04:50 UTC 2015


On Thu, Feb 26, 2015 at 8:18 PM, john nesh <john.nesh76 at gmail.com> wrote:
> Hi,
>
> I am facing a different behaviour regarding vlans in logs.
> I made an installation of securityonion and the vlan log in eve.json
> worked flawlessly, but not in selks.
> I have read that vlan behaviour had changed in 2.1.
>
> in my suricata.yaml I have:
>
>  vlan:
>    use-for-tracking: true
>
> But I have no log in eve.json.
> Is this an expected behaviour?

You might have vlan offloading enabled on your NIC - if that is the
case you would need to disable it.
(ethtool -k interface - will show the status)

>
> John



-- 
Regards,
Peter Manev
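
The check suggested in the reply above, as an added example that is not part of the original post: it reads `ethtool -k` output, lists the VLAN offloads that are on, and builds the `ethtool -K` command that turns off the ones not marked [fixed]. The sample output and the interface name eth1 are constructed; rxvlan and txvlan are the `ethtool -K` names for rx-vlan-offload and tx-vlan-offload.

```shell
#!/bin/sh
# Added example (not from the original thread): find NIC VLAN offloads that
# strip the VLAN tag before the capture path sees the packet.

# Constructed sample of `ethtool -k eth1` output (eth1 is a placeholder).
SAMPLE='Features for eth1:
rx-checksumming: on
generic-receive-offload: on
rx-vlan-offload: on
tx-vlan-offload: on [fixed]
rx-vlan-filter: on [fixed]'

# Read `ethtool -k` output on stdin; print "<feature> <changeable|fixed>"
# for each VLAN offload that is currently on.
vlan_offloads_on() {
    awk -F': *' '
        /^[ \t]*(rx|tx)-vlan-offload:/ {
            name = $1; sub(/^[ \t]+/, "", name)
            split($2, f, " ")
            if (f[1] == "on")
                print name, (f[2] == "[fixed]" ? "fixed" : "changeable")
        }'
}

# Read `ethtool -k` output on stdin; print the `ethtool -K` command that
# disables every changeable VLAN offload. Prints nothing if none applies:
# offloads marked [fixed] cannot be toggled by the driver.
disable_cmd() {
    iface=$1
    args=$(vlan_offloads_on | awk '
        $2 == "changeable" && $1 == "rx-vlan-offload" { printf " rxvlan off" }
        $2 == "changeable" && $1 == "tx-vlan-offload" { printf " txvlan off" }')
    [ -n "$args" ] && printf 'ethtool -K %s%s\n' "$iface" "$args"
    return 0
}

# Demo on the constructed sample. On a live sensor:
#   ethtool -k eth1 | disable_cmd eth1
printf '%s\n' "$SAMPLE" | vlan_offloads_on
printf '%s\n' "$SAMPLE" | disable_cmd eth1
```
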


