[Oisf-users] Kernel 4.4.x and Suricata timestamp issues
Andreas Herz
andi at geekosphere.org
Sun Feb 21 16:44:41 UTC 2016
Hi,
On 21/02/16 at 17:24, Kare wrote:
> I'm using Ubuntu 14.04 LTS 64 bit with one ethernet and nfqueue on a
> virtual machine with kvm and all is working fine. After upgrading from
> kernel 4.3.5 to 4.4.2 I have timestamp issues in fast.log output.
>
> 01/01/1970-01:00:00.000000 [Drop] [**] [1:2010935:2] ET POLICY
> Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially
> Bad Traffic] [Priority: 2] {TCP} xx.xx.xx.xx:xxxx -> xx.xx.xx.xx:1433
We couldn't reproduce that yet on other distros, see this ticket:
https://redmine.openinfosecfoundation.org/issues/1715
So it might be some Ubuntu issue.
--
Andreas Herz