[Oisf-users] problem with af-packet on host

erik clark philosnef at gmail.com
Wed Nov 8 14:03:04 UTC 2017


Ok, so we found our problem. Turns out that kernel 4.13.4-1.elrepo.x86_64
does not work with Suricata for af_packet fanout. By downgrading to kernel
4.12.8-1.elrepo.x86_64, this worked again. Please advise as to why this
kernel does not seem to work. It properly fans out for Bro, so it seems to
be something specific to Suri. Thanks!


On Tue, Nov 7, 2017 at 12:59 PM, erik clark <philosnef at gmail.com> wrote:

> Soooo, we have this suricata.yaml file we use everywhere. On this new
> server, we are getting this fun:
>
> - Couldn't init AF_PACKET socket, fatal error
>
> Coudn't set fanout mode, error Invalid argument
>
> We are running 4.13 kernel, which supports tpacket_v3 and af_packet.
> Please advise. We can't find anything amiss in our conf. Thanks!
>