Project

General

Profile

Actions
Copy link

Bug #1328

closed

No vlanid in pcap-log

Added by Andreas Moe over 9 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
OISF Dev
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

I have a suricata box with getting data from a SPAN. If i run tcpdump on this interface is see the VLAN-IDs that the packets are tagged with. But the data that suricata stores through alerts.pcap-log are not saved with vlanid. 1) Why is this? 2) Is this something we can change?

Actions
Copy link
 #1

Updated by Andreas Moe over 9 years ago

Sorry, i ment in the outputs.pcap-log not alerts.pcap-log.

Actions
Copy link
 #2

Updated by Victor Julien over 9 years ago

I don't see why this happens actually. We should just pass on the raw packets.

Actions
Copy link
 #3

Updated by Andreas Herz about 8 years ago

  • Assignee set to OISF Dev
  • Target version set to TBD
Actions
Copy link
 #4

Updated by Victor Julien over 7 years ago

Related to #1780

Actions
Copy link
 #5

Updated by Andreas Herz over 6 years ago

Can you test it again with the fixes?

Actions
Copy link
 #6

Updated by Andreas Herz almost 6 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this bug is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs

Actions
Copy link
 #7

Updated by Victor Julien about 5 years ago

  • Target version deleted (TBD)
Actions
Copy link

Also available in: Atom PDF