[Oisf-users] Kernel 4.4.x and Suricata timestamp issues

Duarte Silva duarte.silva at serializing.me
Sat Feb 27 20:46:54 UTC 2016


That fix isn’t mine. Glad it fixed the issue though 😉

From: Kare
Sent: 27 February 2016 19:58
To: oisf-users at lists.openinfosecfoundation.org
Subject: Re: [Oisf-users] Kernel 4.4.x and Suricata timestamp issues

Great thanks to Duarte Silva! His commit fixed the timestamp issue with
ubuntu for nfqueue mode.

https://github.com/inliniac/suricata/commit/2b263d55a2d0583a2c02e352bfe490fd4f42b39a

Regards

On 21.02.2016 at 17:44, Andreas Herz wrote:
> Hi,
>
> On 21/02/16 at 17:24, Kare wrote:
>> I'm using ubuntu 14.04 lts 64 bit with one ethernet and nfqueue on a
>> virtual machine with kvm and all is working fine. After upgrading from
>> kernel 4.3.5 to 4.4.2 I have timestamp issues in fast.log output.
>>
>> 01/01/1970-01:00:00.000000  [Drop] [**] [1:2010935:2] ET POLICY
>> Suspicious inbound to MSSQL port 1433 [**] [Classification: Potentially
>> Bad Traffic] [Priority: 2] {TCP} xx.xx.xx.xx:xxxx -> xx.xx.xx.xx:1433
> We couldn't reproduce that yet on other distros, see this ticket:
>
> https://redmine.openinfosecfoundation.org/issues/1715
>
> So it might be some ubuntu issue.
>
