[Oisf-users] AF-packet mode not working

[Peter Manev]

On Wed, Dec 21, 2016 at 9:41 AM, Sergio Romero <SRomero at nexica.com> wrote:
> Hello Peter,
>
> Can you guide me a little to fill a bug report?
>

Sure.
If you are not registered - you can register here:
https://redmine.openinfosecfoundation.org/account/register

and then  sign in and file a bug report here -
https://redmine.openinfosecfoundation.org/projects/suricata/issues

> I'm attaching the config with networks removed for your revision.

Thank you -  I will have a look.

>
> Regards,
>
> Sergio
>
> -----Mensaje original-----
> De: Peter Manev [mailto:petermanev at gmail.com]
> Enviado el: martes, 20 de diciembre de 2016 17:45
> Para: Sergio Romero <SRomero at nexica.net>
> CC: oisf-users at lists.openinfosecfoundation.org
> Asunto: Re: [Oisf-users] AF-packet mode not working
>
> On Tue, Dec 20, 2016 at 9:48 AM, Sergio Romero <SRomero at nexica.com> wrote:
>> Hello Everyone,
>>
>>
>>
>> Upgrading to last 4.8 kernel do the trick and start OK, but still show
>> the "System too old for tpacket v3 switching to v2"… what do this mean?
>>
>>
>>
>> 20/12/2016 -- 09:26:54 - <Info> - 37 rule files processed. 11803 rules
>> successfully loaded, 0 rules failed
>>
>> 20/12/2016 -- 09:26:54 - <Info> - 11804 signatures processed. 1298 are
>> IP-only rules, 4447 are inspecting packet payload, 7567 inspect
>> application layer, 0 are decoder event only
>>
>> 20/12/2016 -- 09:26:56 - <Info> - Threshold config parsed: 0 rule(s)
>> found
>>
>> 20/12/2016 -- 09:26:56 - <Info> - fast output device (regular) initialized:
>> fast.log
>>
>> 20/12/2016 -- 09:26:56 - <Info> - eve-log output device (regular)
>> initialized: eve.json
>>
>> 20/12/2016 -- 09:26:56 - <Info> - stats output device (regular) initialized:
>> stats.log
>>
>> 20/12/2016 -- 09:26:56 - <Notice> - System too old for tpacket v3
>> switching to v2
>
> Can you please post a bug report?
>
> If it is possible  - could share your yaml config as well -  mask out the nets - no problem.
>



-- 
Regards,
Peter Manev