Open Information Security Foundation

08/03/2020

07:14 PM Suricata Support #3811: eni monitoring

Without knowing how you configured the traffic mirror functionality for that interface?
Is there traffic you expec... Andreas Herz

07/08/2020

08:30 PM Suricata Support #3811: eni monitoring

So those machines are in your VPC, did you check with tcpdump if the traffic mirroring is working and you can see the... Andreas Herz

07/07/2020

07:55 PM Suricata Support #3811: eni monitoring

Please be patient, we don't have 24/7 support.
We also need more information about your setup, how do you run Suri... Andreas Herz

07:53 PM Suricata Support #3758 (Closed): Suricata Installation

Andreas Herz

06/30/2020

09:15 PM Suricata Documentation #3799: Deprecated configuration keyword in "Hardware bypass with Netronome"

I would encourage you to do so with the PR :) Andreas Herz

09:14 PM Suricata Support #3758: Suricata Installation

So you see traffic so it looks like it's running as expected as you can see in the eve.json.
THe interface setting... Andreas Herz

06/26/2020

08:16 PM Suricata Support #3778: AF_Packet Config Tweaks

Taylor Walton wrote in #note-4:
> Would this type of architecture work for an AF_PACKET deployment? Reading some oth... Andreas Herz

08:12 PM Suricata Support #3758: Suricata Installation

You have duplicated HOME_NET variable set, remove the upper one. But the suricata.log itself looks alright, no error ... Andreas Herz

06/20/2020

07:18 PM Suricata Support #3778: AF_Packet Config Tweaks

First of all, if you talk about AF_PACKET inline did you get rid of the NFQUEUE setup?
Those are two different appro... Andreas Herz

06/12/2020

08:13 PM Suricata Support #3758: Suricata Installation

What Distribution are you using? How did you install suricata? How does the configuration file look like? We need mor... Andreas Herz