[Oisf-users] [FORGED] [FORGED] Broadcom NetXtreme II BCM5709 NIC

Russell Fulton r.fulton at auckland.ac.nz
Wed Oct 21 01:51:34 UTC 2015


> On 21 Oct 2015, at 12:58, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
> 
> So the offloading disable fixes the problem?

Sorry I have not been clear.

Changing the offloading had no effect. I have verified by looking at the logs that when I restarted suri after running the script it still gave errors. I needed to run the script manually because the initial puppet build specified the wrong interface and my puppet classes are not smart enough to fix that automatically.

I am unclear as to why it suddenly started working.

Peter asked what changed in the config — I have just gone back to the diffs:

I changed the forward_for option in both eve and unified logs from "extra-data" to "overwrite" for all my sensors and puppet downloaded the new config and restarted suricata. After this afpacket got up and went.

I noticed when I went and checked stats.log and found no dropped packets — ps showed it was running with af packet so I checked log/message and saw that puppet had restarted it.

I can’t see how this could affect the afpacket start up.

That change was unrelated to my attempts to get afpacket to work.

Russell

