[Oisf-users] Suricata erspan support impact on packet eve logging?

Jeremy MJ jskier at gmail.com
Thu Jul 30 16:22:33 UTC 2015


Correction, Ethernet only, not TCP.

--
Jeremy MJ


On Thu, Jul 30, 2015 at 11:19 AM, Jeremy MJ <jskier at gmail.com> wrote:
> Greetings,
>
> I noticed that data in the packet field of the alert event in the json
> eve log no longer contains any IP header information (only TCP and raw
> data). I believe this may be related to erspan support, but want to be
> sure before entering a ticket.
>
> Is anyone else using erspan with suricata? Or testing a newer dev
> version without erspan and logging packets to json eve log? Curious to
> hear some feedback.
>
> I'm running Suricata version 2.1dev (rev e583de0), af_packet, 1 gig erspan.
>
> Regards,
>
> --
> Jeremy MJ
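A check for the symptom described in the thread, added here as an example and not code from Suricata or the poster: decode the base64 `packet` field of each eve.json alert record and report the records where no IP header follows the Ethernet header. The eve lines and the frames inside them are constructed for the example; the field names `event_type`, `flow_id` and `packet` are the ones eve.json uses.

```python
import base64
import json
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD

def describe_packet(packet_b64):
    """Decode an eve.json 'packet' value (base64 raw frame): report Ethertype
    and, if an IP header follows the Ethernet header, the IP version."""
    raw = base64.b64decode(packet_b64)
    info = {"total_len": len(raw), "ethertype": None, "ip_version": None}
    if len(raw) < 14:                      # shorter than an Ethernet header
        return info
    info["ethertype"] = struct.unpack("!H", raw[12:14])[0]
    l3 = raw[14:]
    # Check the version nibble, not just the Ethertype: if the IP header was
    # dropped, the Ethertype may still say IPv4 while the next bytes are TCP.
    if info["ethertype"] == ETHERTYPE_IPV4 and len(l3) >= 20 and l3[0] >> 4 == 4:
        info["ip_version"] = 4
    elif info["ethertype"] == ETHERTYPE_IPV6 and len(l3) >= 40 and l3[0] >> 4 == 6:
        info["ip_version"] = 6
    return info

def alerts_missing_ip_header(eve_lines):
    """Return flow_ids of alert records whose packet field has no IP header."""
    missing = []
    for line in eve_lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert" or "packet" not in rec:
            continue
        if describe_packet(rec["packet"])["ip_version"] is None:
            missing.append(rec["flow_id"])
    return missing

# Constructed sample frames (not captured data): Ethernet + IPv4 + TCP SYN,
# and the symptom from the thread, an Ethernet header followed directly by TCP.
_ETH = bytes.fromhex("001122334455" "66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
_IP4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x4000, 64, 6, 0,
                   bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
_TCP = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)
GOOD_B64 = base64.b64encode(_ETH + _IP4 + _TCP).decode()
BROKEN_B64 = base64.b64encode(_ETH + _TCP).decode()

# Constructed eve.json lines carrying only the fields this check needs.
EVE_LINES = [
    json.dumps({"event_type": "alert", "flow_id": 1, "packet": GOOD_B64}),
    json.dumps({"event_type": "alert", "flow_id": 2, "packet": BROKEN_B64}),
    json.dumps({"event_type": "flow", "flow_id": 3}),
]

if __name__ == "__main__":
    print("alerts missing IP header:", alerts_missing_ip_header(EVE_LINES))
```

Run it against a real eve.json by replacing EVE_LINES with the file's lines; a non-empty result means the packet field is being written without the IP layer.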