[Oisf-users] Really desperated: Suricata drops allmost packages
Andreas Herz
andi at geekosphere.org
Sat Mar 31 20:33:35 UTC 2018
On 30/03/18 at 18:15, C. L. Martinez wrote:
> On Wed, Mar 28, 2018 at 11:47:47PM +0200, Andreas Herz wrote:
> > On 23/03/18 at 09:42, C. L. Martinez wrote:
> > > ------------------------------------------------------------------------------------
> > > capture.kernel_packets | Total | 437700
> > > capture.kernel_drops | Total | 74114
> >
> > That's really bad, I agree.
> >
> > > 23/3/2018 -- 07:26:18 - <Info> - 9 rule files processed. 28727 rules
> > > successfully loaded, 0 rules failed
> >
> > Is it possible that you run it with no rules just to make sure it's not
> > related to any rule?
> >
> Ok, running with rules:
With no rules :)? At least the output showed no signatures loaded.
> Counter | TM Name | Value
> ------------------------------------------------------------------------------------
> capture.kernel_packets | Total | 290657
> capture.kernel_drops | Total | 3787
Still drops but much lower. Do you see anything suspicious in the system
logs? So far there are quite a lot of possible reasons and we should try to
narrow it down as best as we can.
--
Andreas Herz