[Oisf-users] rule profiling question - no log files created
Andreas Herz
andi at geekosphere.org
Tue Jan 15 21:03:30 UTC 2019
Hi Konrad,
On 15/01/19 at 15:39, Konrad Weglowski wrote:
> Hey Andreas,
>
> I did double check with "--build-info" command that it is enabled and log
> dir is set correct/writable - other logs get written there no problem
> (alerts,stats, etc)
>
> build-info related output:
> ---
> Profiling enabled: yes
> Profiling locks enabled: no
> ---
>
> Below is command to run suricata used:
>
> suricata --pfring-int=p4p1 --pfring-cluster-id=98
> --pfring-cluster-type=cluster_flow --pidfile /var/run/suricata.pid
Could you try another runmode? At least with a test .pcap and the -r
runmode and see if it's working then?
> Do I need anything added under "outputs" section? Currently we use eve-log
> format for alerts and stats which is configured there.
>
> Thanks
>
> Konrad
>
> On Tue, Jan 8, 2019 at 3:30 PM Andreas Herz <andi at geekosphere.org> wrote:
>
> > Hi Konrad,
> >
> > On 08/01/19 at 15:01, Konrad Weglowski wrote:
> > > Hello,
> > >
> > > I would like to enable rule profiling for tuning purposes. Suricata has
> > > been compiled with profiling option and below config is in the
> > > suricata.yaml. None of the log files are being created however...do you
> > > know what can be possibly missing here?
> >
> > Did you double check if it's enabled when you pass '--build-info'?
> >
> > How do you start/run suricata?
> >
> > The log dir is set correct and writeable?
> >
> > Greetings
> >
> > --
> > Andreas Herz
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> > List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> > Conference: https://suricon.net
> > Trainings: https://suricata-ids.org/training/
--
Andreas Herz
More information about the Oisf-users
mailing list