[Oisf-users] Cumulus ERSPAN - GREv0

Victor Julien lists at inliniac.net
Wed Dec 11 14:07:45 UTC 2019 

On 11-12-2019 14:19, Sharon, Golan wrote:
> Hi
> 
> We are in the middle of integrating Suricata with Cumulus switches at a
> client site.
> 
> Cumulus switch sends the data via ERSPAN – GREv0, by Suricata support,
> this should be supported (as for my knowledge, Please correct me if I am
> wrong).
> When we analyzed the packets, we found the packets still encapsulated,
> compared to GREv2 which we tested and were parsed by Suricata with no issue.
> 
> What is the best approach dealing with the issue?

Can you open a ticket with a pcap attached?

Regards,
Victor


>  
> 
> Thank you in advance
> 
>  
> 
> Golan Sharon
> 
> Cyber Readiness & IR
> 
> Security Associate Principal | Accenture Security | Maglan
> 
> cid:e98e5894-ac80-4dd3-9ab6-64fbd9085e6c   
>  cid:18219709-c5de-4d98-9f66-a9fd04ffec50   
>  cid:19643a01-cc91-4470-8aec-456094318b96
> 
>  
> 
>  
> 
> 
> ------------------------------------------------------------------------
> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of information
> security and assessment of internal compliance with Accenture policy.
> Your privacy is important to us. Accenture uses your personal data only
> in compliance with data protection laws. For further information on how
> Accenture processes your personal data, please see our privacy statement
> at https://www.accenture.com/us-en/privacy-policy.
> ______________________________________________________________________________________
> 
> www.accenture.com
> 
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

More information about the Oisf-users mailing list