[Oisf-users] Suricata - CentOS configuration

Jitendra jkilambi at gmail.com
Fri Jul 24 06:20:28 UTC 2015


Hello All,

Am I able to get some assistance with respect to running AF_PACKET on
Suricata?
I have configured the interfaces and copy-ifaces with mmap; however, it
would seem the bridge is not forming.
I can see packets traverse the interfaces, and the interfaces themselves are in
promiscuous mode. Suricata seems to be running fine as per the log.
However, the edge devices on either interface are not seeing each other.

24/7/2015 -- 16:13:05 - <Info> - http-log output device (regular)
initialized: http.log
24/7/2015 -- 16:13:05 - <Info> - Adding interface enp14s0f0 from config file
24/7/2015 -- 16:13:05 - <Info> - Adding interface enp14s0f1 from config file
24/7/2015 -- 16:13:05 - <Info> - Enabling mmaped capture on iface enp14s0f0
24/7/2015 -- 16:13:05 - <Info> - AF_PACKET TAP mode activated
enp14s0f0->enp14s0f1
24/7/2015 -- 16:13:05 - <Info> - Using flow cluster mode for AF_PACKET
(iface enp14s0f0)
24/7/2015 -- 16:13:05 - <Info> - Using defrag kernel functionality for
AF_PACKET (iface enp14s0f0)
24/7/2015 -- 16:13:05 - <Info> - Going to use 1 thread(s)
24/7/2015 -- 16:13:05 - <Info> - Enabling zero copy mode
24/7/2015 -- 16:13:05 - <Info> - Enabling zero copy mode by using data
release call
24/7/2015 -- 16:13:05 - <Info> - Enabling mmaped capture on iface enp14s0f1
24/7/2015 -- 16:13:05 - <Info> - AF_PACKET TAP mode activated
enp14s0f1->enp14s0f0
24/7/2015 -- 16:13:05 - <Info> - Using flow cluster mode for AF_PACKET
(iface enp14s0f1)
24/7/2015 -- 16:13:05 - <Info> - Using defrag kernel functionality for
AF_PACKET (iface enp14s0f1)
24/7/2015 -- 16:13:05 - <Info> - Going to use 1 thread(s)
24/7/2015 -- 16:13:05 - <Info> - Enabling zero copy mode
24/7/2015 -- 16:13:05 - <Info> - Enabling zero copy mode by using data
release call
24/7/2015 -- 16:13:05 - <Info> - Found an MTU of 1500 for 'enp14s0f1'
24/7/2015 -- 16:13:05 - <Info> - Found an MTU of 1500 for 'enp14s0f0'
24/7/2015 -- 16:13:05 - <Info> - RunModeIdsAFPWorkers initialised
24/7/2015 -- 16:13:05 - <Notice> - all 2 packet processing threads, 3
management threads initialized, engine started.
24/7/2015 -- 16:13:05 - <Info> - Setting AF_PACKET socket buffer to 64535
24/7/2015 -- 16:13:05 - <Info> - Generic Receive Offload is unset on
enp14s0f0
24/7/2015 -- 16:13:05 - <Info> - Large Receive Offload is unset on enp14s0f0
24/7/2015 -- 16:13:05 - <Info> - AF_PACKET RX Ring params: block_size=32768
block_nr=15001 frame_size=1584 frame_nr=300020
24/7/2015 -- 16:13:05 - <Info> - Using interface 'enp14s0f0' via socket 9
24/7/2015 -- 16:13:05 - <Info> - Thread AFPacketenp14s0 using socket 9
24/7/2015 -- 16:13:05 - <Info> - Setting AF_PACKET socket buffer to 64535
24/7/2015 -- 16:13:05 - <Info> - Generic Receive Offload is unset on
enp14s0f1
24/7/2015 -- 16:13:05 - <Info> - Large Receive Offload is unset on enp14s0f1
24/7/2015 -- 16:13:05 - <Info> - AF_PACKET RX Ring params: block_size=32768
block_nr=15001 frame_size=1584 frame_nr=300020
24/7/2015 -- 16:13:06 - <Info> - Using interface 'enp14s0f1' via socket 10
24/7/2015 -- 16:13:06 - <Info> - All AFP capture threads are running.
24/7/2015 -- 16:13:06 - <Info> - Thread AFPacketenp14s0 using socket 10
24/7/2015 -- 16:13:06 - <Info> - Starting to read on AFPacketenp14s0
24/7/2015 -- 16:13:06 - <Info> - Starting to read on AFPacketenp14s0


Thanks in advance.
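For comparison, an af-packet section for the two-interface TAP pair the log above describes, added here as an example (it is not from the original post or from the Suricata project); the interface names are the poster's, while the cluster-ids and buffer-size are assumed values:

```yaml
# Added example (not from the post): af-packet copy-mode pair for
# enp14s0f0 <-> enp14s0f1. Interface names are from the log above;
# cluster-id and buffer-size values are assumed, choose your own.
af-packet:
  - interface: enp14s0f0
    threads: 1                 # must be identical on both sides of the pair
    cluster-id: 98             # must be unique per interface
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes              # copy-mode requires the mmap ring
    tpacket-v3: no             # keep off; older releases do not support it with copy-mode
    copy-mode: tap             # "tap" copies every packet; "ips" drops on alert
    copy-iface: enp14s0f1      # each side must name the other as its peer
    buffer-size: 64535
  - interface: enp14s0f1
    threads: 1
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
    use-mmap: yes
    tpacket-v3: no
    copy-mode: tap
    copy-iface: enp14s0f0
    buffer-size: 64535
```

Both interfaces also need to be up with no IP address assigned and not enslaved to a Linux bridge, and GRO/LRO offloads disabled (for example `ethtool -K enp14s0f0 gro off lro off`), otherwise frames are consumed by the host stack or arrive resegmented and the copy path never behaves like a wire.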