[Oisf-users] suricata vlan log - onionsecurity is ok, selks ko

john nesh john.nesh76 at gmail.com
Thu Feb 26 20:43:37 UTC 2015


You are right,

rx-vlan-offload: on
tx-vlan-offload: on

Do I have to disable it?

2015-02-26 21:04 GMT+01:00 Peter Manev <petermanev at gmail.com>:

> On Thu, Feb 26, 2015 at 8:18 PM, john nesh <john.nesh76 at gmail.com> wrote:
> > Hi,
> >
> > I am facing a different behaviour regarding vlans in logs.
> > I made an installation of securityonion and vlan log in eve.json
> > worked flawlessly but not in selks.
> > I have read that vlan behaviour had changed in 2.1
> >
> > in my suricata.yaml I have:
> >
> >  vlan:
> >    use-for-tracking: true
> >
> > But I have no log in eve.json.
> > Is this an expected behaviour?
>
> You might have vlan offloading enabled on your NIC - if that is the
> case you would need to disable it.
> (ethtool -k interface - will show the status)
>
> >
> > John
> >
>
>
>
> --
> Regards,
> Peter Manev
>
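Added example, not part of the thread: a small shell check built on the `ethtool -k` output discussed above, reporting which VLAN offload features are on for a capture interface. The interface name `eth0`, the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Reads `ethtool -k <iface>` output on stdin and prints the VLAN offload
# features that are enabled. On a sensor (eth0 is an assumed name):
#   ethtool -k eth0 | check_vlan_offload
# The usual way to turn them off is: ethtool -K eth0 rxvlan off txvlan off
vlan_offloads_on() {
    # Feature lines look like "rx-vlan-offload: on" or
    # "tx-vlan-offload: off [fixed]"; [fixed] means the driver
    # does not allow the setting to be changed.
    awk -F': *' '
        { gsub(/^[ \t]+/, "", $1) }
        $1 ~ /^(rx|tx)-vlan-offload$/ {
            split($2, v, " ")
            if (v[1] == "on") {
                suffix = ($2 ~ /\[fixed\]/) ? " [fixed]" : ""
                print $1 suffix
            }
        }'
}

# Returns 0 when no VLAN offload is enabled, 1 otherwise.
check_vlan_offload() {
    on=$(vlan_offloads_on)
    if [ -n "$on" ]; then
        printf 'VLAN offload enabled:\n%s\n' "$on" >&2
        return 1
    fi
    return 0
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_ON='Features for eth0:
rx-checksumming: on
rx-vlan-offload: on
tx-vlan-offload: on
rx-vlan-filter: on [fixed]'

SAMPLE_OFF='Features for eth0:
rx-vlan-offload: off
tx-vlan-offload: off [fixed]'

SAMPLE_FIXED='Features for eth0:
rx-vlan-offload: on [fixed]
tx-vlan-offload: off'

# Demo on the constructed sample: prints the two enabled features.
printf '%s\n' "$SAMPLE_ON" | vlan_offloads_on
```
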