[Oisf-users] rule does not always match

Peter Manev petermanev at gmail.com
Thu Aug 24 16:33:00 UTC 2017


On Tue, Aug 22, 2017 at 9:44 AM, Vieri <rentorbuy at yahoo.com> wrote:
>
> ________________________________
> From: Peter Manev <petermanev at gmail.com>
>>
>> Please consider upgrading to latest stable and confirm.
>> Do you have a reproducible pcap you can share?
>
>
> I am unable to reproduce this issue anymore, even if I do not upgrade.
>
> I'm using Suricata "in-line" with iptables. Could it be that the undetected traffic I saw before was due to a temporary resource issue given that I'm using NFQUEUE with "bypass"?

It is possible (though it could be other things, including traffic issues, too).
You can have a look for some clues in the stats (or stats.log) and try
to see if anything odd is present (as long as you can reproduce it).

>
> NFQUEUE balance 0:5 bypass
>
> Vieri



-- 
Regards,
Peter Manev
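
Added example, not part of the original message or of Suricata: with the `bypass` flag the kernel accepts packets for any queue that has no program bound to it, so one way to test the hypothesis in this thread is to read /proc/net/netfilter/nfnetlink_queue and check that every queue in the 0:5 balance range has a listener and no drops. The sample table and the port id in it are constructed.

```python
"""Audit NFQUEUE listener and drop state from /proc/net/netfilter/nfnetlink_queue."""
import sys

# Column order of the proc file (newer kernels append further fields).
FIELDS = ("queue", "peer_portid", "queue_total", "copy_mode",
          "copy_range", "queue_dropped", "user_dropped", "id_sequence")

# Constructed sample: queue 3 has no listener, queue 1 overflowed, queue 4 lost messages.
SAMPLE = """\
    0  2914     0 2 65531     0     0   481223  1
    1  2914    37 2 65531   112     0   479870  1
    2  2914     0 2 65531     0     0   480012  1
    4  2914     0 2 65531     0     3   478655  1
    5  2914     0 2 65531     0     0   481900  1
"""

def parse(text):
    """Return {queue_number: {field: int}} for every queue that has a listener."""
    queues = {}
    for line in text.splitlines():
        cols = line.split()[:len(FIELDS)]
        if len(cols) < len(FIELDS) or not all(c.isdigit() for c in cols):
            continue  # skip blank or unexpected lines
        row = dict(zip(FIELDS, map(int, cols)))
        queues[row["queue"]] = row
    return queues

def audit(text, first=0, last=5):
    """List (queue, reason) for queues first..last that are unbound or dropping."""
    bound = parse(text)
    findings = []
    for q in range(first, last + 1):
        if q not in bound:
            findings.append((q, "no listener: with bypass, packets pass uninspected"))
            continue
        row = bound[q]
        if row["queue_dropped"]:
            findings.append((q, f"queue_dropped={row['queue_dropped']} (queue was full)"))
        if row["user_dropped"]:
            findings.append((q, f"user_dropped={row['user_dropped']} (netlink send failed)"))
    return findings

if __name__ == "__main__":
    # Pass the proc file path as the first argument; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for q, msg in audit(text):
        print(f"queue {q}: {msg}")
```

Run it periodically while trying to reproduce the missed detection; a queue that disappears from the table during a Suricata restart or crash is the window in which `bypass` lets traffic through.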


