[Oisf-users] Don't need no stinking logs

Michał Purzyński michalpurzynski1 at gmail.com
Tue Nov 6 18:12:21 UTC 2018


ethtool -S <your interface name>

Go ahead and enable the stats.log - either in the form of a text file or
JSON, up to you.

https://suricata.readthedocs.io/en/suricata-4.0.5/performance/statistics.html
https://suricata.readthedocs.io/en/suricata-4.0.5/output/eve/eve-json-output.html
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Statistics

Then save these logs around events when the traffic suddenly disappears and
we will go from there.


On Tue, Nov 6, 2018 at 10:00 AM James Moe <jimoe at sohnen-moe.com> wrote:

> On 11/5/18 9:20 PM, Michał Purzyński wrote:
>
> > I find your lack of manners disturbing.
> >
>   ?? The Subject is offensive? ("Release him")
>
> > Had everything been working before?
> >
>   Yes.
>   No changes were made to the system at the time the logs went dormant.
>
> > When did it stop working?
> >
>   1-Nov-2018.
>   And, today, all of the logs are active once again.
>
> > Have you made any changes to your Suricata sensor in the meantime?
> >
>   No.
>
> > Can you still see traffic?
> >
>   Yes. Aside from the lack of some logging, it continues to function
> normally.
>
> > Please verify with ethtool -S
> >
> $ ethtool -S
> ethtool: bad command line argument(s)
>
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.
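One way to review the saved stats output around such an event, as an added example that is not part of the original message: it reads EVE JSON lines, keeps the `stats` events, and labels each interval between consecutive records. It assumes the capture counters appear as `stats.capture.kernel_packets` and `stats.capture.kernel_drops`; the sample lines and function names are constructed for illustration.

```python
import json

# Constructed eve.json sample (not real sensor output); counters are cumulative.
SAMPLE_EVE = """\
{"timestamp":"2018-11-01T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":60,"capture":{"kernel_packets":12000,"kernel_drops":0}}}
{"timestamp":"2018-11-01T10:00:30.000000+0000","event_type":"alert","alert":{"signature":"constructed"}}
{"timestamp":"2018-11-01T10:01:00.000000+0000","event_type":"stats","stats":{"uptime":120,"capture":{"kernel_packets":25000,"kernel_drops":150}}}
{"timestamp":"2018-11-01T10:02:00.000000+0000","event_type":"stats","stats":{"uptime":180,"capture":{"kernel_packets":25000,"kernel_drops":150}}}
{"timestamp":"2018-11-01T10:03:00.000000+0000","event_type":"stats","stats":{"uptime":8,"capture":{"kernel_packets":900,"kernel_drops":0}}}
truncated line {"timestamp":
"""


def stats_records(lines):
    """Yield (timestamp, uptime, kernel_packets, kernel_drops) per stats event."""
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # partially written line, e.g. cut off at log rotation
        if not isinstance(ev, dict) or ev.get("event_type") != "stats":
            continue  # alerts, flows and other event types are ignored here
        st = ev.get("stats", {})
        cap = st.get("capture", {})
        yield (ev.get("timestamp"), st.get("uptime", 0),
               cap.get("kernel_packets", 0), cap.get("kernel_drops", 0))


def classify_intervals(lines):
    """Label each interval between consecutive stats records."""
    findings, prev = [], None
    for rec in stats_records(lines):
        if prev is not None:
            ts, uptime, pkts, drops = rec
            if uptime < prev[1] or pkts < prev[2]:
                label = "restart"      # counters went backwards: engine restarted
            elif pkts == prev[2]:
                label = "no-traffic"   # capture counter did not advance
            elif drops > prev[3]:
                label = "drops"        # kernel dropped packets in this interval
            else:
                label = "ok"
            findings.append((prev[0], ts, label, pkts - prev[2], drops - prev[3]))
        prev = rec
    return findings


if __name__ == "__main__":
    for finding in classify_intervals(SAMPLE_EVE.splitlines()):
        print(*finding)
```

To run it against a saved log, pass the open file object to `classify_intervals` in place of the constructed sample.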

