[Oisf-users] [Question] suricata test with pcap-file(After upgrading the suricata version(2.0.11 --> 3.2))

박경호 pgh5247 at naver.com
Mon Jan 16 07:17:33 UTC 2017

-----Original Message-----
From: "Andreas Herz"<andi at geekosphere.org> 
To: <oisf-users at lists.openinfosecfoundation.org>; 
Sent: 2017-01-14 (토) 06:19:16
Subject: Re: [Oisf-users] [Question] suricata test with pcap-file(After upgrading the suricata version(2.0.11 --> 3.2))
On 12/01/17 at 10:48, 박경호 wrote:
> After upgrading the version from 2.0.11 to 3.2, I did the test again.
> Unfortunately, alert messages were different whenever the suricata was
> run with same a pcap-file.

Can you be more verbose about that?
==> i run the suricata like the following command : suricata -c suricata.yaml -r testpcap.pcap
      ( i never changed the configure file(.yaml)).

> I didn't change the configure file(suricata.yaml) and pcap-file's size
> is 693MB.  (pc memory is 8GB, cpu is intel i5-4460, os is Ubuntu
> 16.06)

Can you try to reproduce the issue with a smaller pcap file that you can
share with us?
==> After i try to reproduce with a smaller pcap file, i will share the result and pcap file.
> please explain to me about this situation.

I still need more details about your suricata configuration, how do you
run suricata, what did you configure?

An easy way to reproduce that for us will help to find a solution (after
we found what's the real issue you have).

Andreas Herz
Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170116/824c3551/attachment-0002.html>

More information about the Oisf-users mailing list