[Oisf-users] Cumulus ERSPAN - GREv0
Victor Julien
lists at inliniac.net
Wed Dec 11 14:07:45 UTC 2019
On 11-12-2019 14:19, Sharon, Golan wrote:
> Hi
>
> We are in the middle of integrating Suricata with Cumulus switches at a
> client site.
>
> Cumulus switch sends the data via ERSPAN – GREv0, by Suricata support,
> this should be supported (as for my knowledge, Please correct me if I am
> wrong).
> When we analyzed the packets, we found the packets still encapsulated,
> compared to GREv2 which we tested and were parsed by Suricata with no issue.
>
> What is the best approach dealing with the issue?
Can you open a ticket with a pcap attached?
Regards,
Victor
>
>
> Thank you in advance
>
>
>
> Golan Sharon
>
> Cyber Readiness & IR
>
> Security Associate Principal | Accenture Security | Maglan
>
> cid:e98e5894-ac80-4dd3-9ab6-64fbd9085e6c
> cid:18219709-c5de-4d98-9f66-a9fd04ffec50
> cid:19643a01-cc91-4470-8aec-456094318b96
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
> Where allowed by local law, electronic communications with Accenture and
> its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of information
> security and assessment of internal compliance with Accenture policy.
> Your privacy is important to us. Accenture uses your personal data only
> in compliance with data protection laws. For further information on how
> Accenture processes your personal data, please see our privacy statement
> at https://www.accenture.com/us-en/privacy-policy.
> ______________________________________________________________________________________
>
> www.accenture.com
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
>
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list