[Oisf-users] Problem with understanding app-layer-events.rules

Evgeniy Danilenko e.danilenko at mobidev.biz
Tue Jan 26 09:10:01 UTC 2016


Thank you for the reply, but it's still not quite understandable...
Does it mean some network misconfiguration or network anomaly that we should
investigate, or could it just be caused by the way we are collecting
traffic (we are using a SPAN port on the main switch for traffic collection), so
we should just tune the rule (in which way?) or simply disable it?

On 25.01.2016 20:02, Cooper F. Nelson wrote:
> When we saw problems like this it turned out to be an issue with our
> capture mechanism only forwarding traffic in a single direction from
> certain VLANs.
>
> -Coop
>
> On 1/25/2016 6:44 AM, Evgeniy Danilenko wrote:
> > Hello Guys!
>
> > In my installation of Suricata, I have a lot of alerts like:
>
> > - SURICATA Applayer Mismatch protocol both directions;
> > - Wrong direction first Data;
>
> > and especially:
>
> > - Detect protocol only one direction;
>
> > What do they mean? Do I have some problem with installed services?
>
>

-- 
Evgeniy Danilenko
Network Engineer at MobiDev <http://mobidev.biz/>
