[Oisf-users] suricata vlan log - onionsecurity is ok, selks ko

Peter Manev petermanev at gmail.com
Thu Feb 26 20:53:06 UTC 2015


On Thu, Feb 26, 2015 at 9:43 PM, john nesh <john.nesh76 at gmail.com> wrote:
> You are right,
>
> rx-vlan-offload: on
> tx-vlan-offload: on
>
> Do I have to disable it?

Just run that -
/opt/selks/Scripts/Setup/reconfigure-listening-interface_stamus.sh



>
> 2015-02-26 21:04 GMT+01:00 Peter Manev <petermanev at gmail.com>:
>>
>> On Thu, Feb 26, 2015 at 8:18 PM, john nesh <john.nesh76 at gmail.com> wrote:
>> > Hi,
>> >
>> > I am facing a different behaviour regarding vlans in logs.
>> > I made an installation of securityonion and vlan worked log in eve.json
>> > worked flawlessly but not in selks.
>> > I have read that vlan behaviour had changed in 2.1
>> >
>> > in my suricata.yaml I have:
>> >
>> >  vlan:
>> >    use-for-tracking: true
>> >
>> > But I have no log in eve.json.
>> > Is this an expected behaviour?
>>
>> You might have vlan offloading enabled on your NIC - if that is the
>> case you would need to disable it.
>> (ethtool -k interface - will show the status)
>>
>> >
>> > John
>> >
>>
>>
>>
>> --
>> Regards,
>> Peter Manev
>
>



-- 
Regards,
Peter Manev
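
Added example, not part of the original thread: a small check that reads `ethtool -k <interface>` output, lists the VLAN offload features that are on, and prints the matching `ethtool -K` command to turn them off. The interface name `eth0`, the sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ethtool -k eth0` output (not captured from a real host).
sample_ethtool_k() {
    cat <<'EOF'
Features for eth0:
rx-checksumming: on
generic-receive-offload: on
rx-vlan-offload: on
tx-vlan-offload: on
rx-vlan-filter: on [fixed]
EOF
}

# Read `ethtool -k` output on stdin and print each VLAN offload feature
# whose state is "on". "[fixed]" means the driver will not let it change.
vlan_offloads_on() {
    awk -F': *' '
        $1 ~ /^[ \t]*(rx|tx)-vlan-offload$/ {
            gsub(/^[ \t]+/, "", $1)
            split($2, st, " ")
            if (st[1] == "on")
                print $1 ((st[2] == "[fixed]") ? " (fixed)" : "")
        }'
}

# Read the list from vlan_offloads_on and print the ethtool -K command
# that disables the changeable features (rxvlan/txvlan are the short
# names ethtool accepts for rx-vlan-offload/tx-vlan-offload).
disable_cmd() {
    iface=$1
    args=""
    while read -r feat rest; do
        [ "$rest" = "(fixed)" ] && continue   # cannot be changed, skip
        case "$feat" in
            rx-vlan-offload) args="$args rxvlan off" ;;
            tx-vlan-offload) args="$args txvlan off" ;;
        esac
    done
    if [ -n "$args" ]; then
        echo "ethtool -K $iface$args"
    fi
}

# Demo on the constructed sample; on a sensor, pipe `ethtool -k <iface>` in instead.
sample_ethtool_k | vlan_offloads_on | disable_cmd eth0
```

The printed command is only echoed, not executed; a setting changed with `ethtool -K` does not persist across reboots unless it is also added to the interface configuration.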


