[Oisf-users] Suricata stops seeing packets, afpacket
Andreas Herz
andi at geekosphere.org
Fri Aug 11 20:32:35 UTC 2017
On 11/08/17 at 09:39, Chris Fauerbach wrote:
> Good morning all! I’ve deployed Suricata 3.2.1 across a few dozen
> CentOS 7 based sensors, and I see an occasional issue with sensors in a
> virtual environment (may be a red herring).

I would at least update to 3.2.3 or better 4.0.0.

> After a period of time, Suricata stops getting packets from the af packet
> interface.

What kernel? NIC?
Is there anything in suricata.log or stats.log at that moment?
Do you see anything in the syslog/dmesg?

Without more details it's hard to tell.

--
Andreas Herz