[Oisf-users] [FORGED] [FORGED] Broadcom NetXtreme II BCM5709 NIC
Peter Manev
petermanev at gmail.com
Wed Oct 21 14:32:14 UTC 2015
On Wed, Oct 21, 2015 at 3:51 AM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:
>
>> On 21 Oct 2015, at 12:58, Leonard Jacobs <ljacobs at netsecuris.com> wrote:
>>
>> So the offloading disable fixes the problem?
>
> Sorry I have not been clear.
>
> Changing the offloading had no effect. I have verified by looking at the logs that when I restarted suri after running the script it still gave errors. I needed to run the script manually because the initial puppet build specified the wrong interface and my puppet classes are not smart enough to fix that automatically.
>
> I am unclear as to why it suddenly started working.
>
> Peter asked what changed in the config — I have just gone back to the diffs:
>
> I changed the forward_for option in both eve and unified logs from "extra-data" to "overwrite" for all my sensors and puppet downloaded the new config and restarted suricata. After this afpacket got up and went.
>
> I noticed when I went and checked stats.log and found no dropped packets — ps showed it was running with af packet so I checked log/message and saw that puppet had restarted it.
>
> I can’t see how this could affect the afpacket start up.
>
> That change was unrelated to my attempts to get afpacket to work.
Ok.
So if I understand correctly - it is working with af-packet in both
cases/setups now, correct?
>
> Russell
--
Regards,
Peter Manev