[Oisf-users] Kernel 4.4.x and Suricata timestamp issues

Kare privat at it-connect-linux.de
Sat Feb 27 18:58:13 UTC 2016


Great thanks to Duarte Silva! His commit fixed the timestamp issue with
Ubuntu for nfqueue mode.

https://github.com/inliniac/suricata/commit/2b263d55a2d0583a2c02e352bfe490fd4f42b39a

Regards

On 21.02.2016 at 17:44, Andreas Herz wrote:
> Hi,
>
> On 21/02/16 at 17:24, Kare wrote:
>> I'm using Ubuntu 14.04 LTS 64 bit with one ethernet and nfqueue on a
>> virtual machine with kvm and all is working fine. After upgrading from
>> kernel 4.3.5 to 4.4.2 I have timestamp issues in fast.log output.
>>
>> 01/01/1970-01:00:00.000000  [Drop] [**] [1:2010935:2] ET POLICY
>> Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially
>> Bad Traffic] [Priority: 2] {TCP} xx.xx.xx.xx:xxxx -> xx.xx.xx.xx:1433
> We couldn't reproduce that yet on other distros, see this ticket:
>
> https://redmine.openinfosecfoundation.org/issues/1715
>
> So it might be some Ubuntu issue.
>



