Hi,
After updating and rebuilding suricata 4.0.1 with the latest changes to
the apt-stable pfring repo (7.0.0-1598) we lost all app-layer events in
suricata. flow and ip based alerts are still generated but every other
events seem to be gone.
On the same machine we switched to af_packet and the events showed up again.
Question: has suricata 4.x been tested with pf_ring 7.x ??
Regards,
--
Robert Haist
Head of Security Engineering
T: +49 151 205 589 31
E: robert.haist@dcso.de
W: https://www.dcso.de
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Rosenthaler Straße 40, 10178 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert
Sitz der Gesellschaft: Berlin | Amtsgericht Charlottenburg, HRB 172382
After updating and rebuilding suricata 4.0.1 with the latest changes to
the apt-stable pfring repo (7.0.0-1598) we lost all app-layer events in
suricata. flow and ip based alerts are still generated but every other
events seem to be gone.
On the same machine we switched to af_packet and the events showed up again.
Question: has suricata 4.x been tested with pf_ring 7.x ??
Regards,
--
Robert Haist
Head of Security Engineering
T: +49 151 205 589 31
E: robert.haist@dcso.de
W: https://www.dcso.de
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Rosenthaler Straße 40, 10178 Berlin, Germany
Geschäftsführer: Dr.-Ing. Gunnar Siebert
Sitz der Gesellschaft: Berlin | Amtsgericht Charlottenburg, HRB 172382
Attached Files:
-
signature.asc (0.81 KB)