StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

10g interface problem #96

Open iamburakcinar opened 6 years ago

iamburakcinar commented 6 years ago

Hi all, I've attached a SPAN port of a 10G interface to the SELKS VM but I can't see any data on tcpdump. When I attach a 1G interface it's working fine, but with 10G, nothing in capture. Is there additional setup for this case?

Thanks.

iamburakcinar commented 6 years ago

root@xx:/var/log/suricata# tail -f suricata*

==> suricata.log <==
[833] 20/12/2017 -- 20:26:02 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[833] 20/12/2017 -- 20:26:02 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[857] 20/12/2017 -- 20:26:02 - (util-daemon.c:134) (Daemonize) -- [ERRCODE: SC_ERR_DAEMON(87)] - Error changing to working directory
[833] 20/12/2017 -- 20:26:03 - (util-daemon.c:73) (WaitForChild) -- [ERRCODE: SC_ERR_DAEMON(87)] - Child died unexpectedly
[1607] 20/12/2017 -- 20:28:50 - (suricata.c:1109) (LogVersion) -- This is Suricata version 4.0.0-dev (rev b8428378)
[1607] 20/12/2017 -- 20:28:50 - (util-cpu.c:171) (UtilCpuPrintSummary) -- CPUs/cores online: 4
[1607] 20/12/2017 -- 20:28:50 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[1607] 20/12/2017 -- 20:28:50 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[1608] 20/12/2017 -- 20:28:50 - (util-daemon.c:134) (Daemonize) -- [ERRCODE: SC_ERR_DAEMON(87)] - Error changing to working directory
[1607] 20/12/2017 -- 20:28:51 - (util-daemon.c:73) (WaitForChild) -- [ERRCODE: SC_ERR_DAEMON(87)] - Child died unexpectedly

==> suricata-start.log <==
[1607] 20/12/2017 -- 20:28:50 - (conf-yaml-loader.c:265) (ConfYamlParse) -- Configuration node 'stats' redefined.
[1607] 20/12/2017 -- 20:28:50 - (conf-yaml-loader.c:265) (ConfYamlParse) -- Configuration node 'outputs' redefined.
[1607] 20/12/2017 -- 20:28:50 - (conf-yaml-loader.c:265) (ConfYamlParse) -- Configuration node 'logging' redefined.
[1607] 20/12/2017 -- 20:28:50 - (conf-yaml-loader.c:265) (ConfYamlParse) -- Configuration node 'af-packet' redefined.
[1607] 20/12/2017 -- 20:28:50 - (suricata.c:1109) (LogVersion) -- This is Suricata version 4.0.0-dev (rev b8428378)
[1607] 20/12/2017 -- 20:28:50 - (util-cpu.c:171) (UtilCpuPrintSummary) -- CPUs/cores online: 4
[1607] 20/12/2017 -- 20:28:50 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[1607] 20/12/2017 -- 20:28:50 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'
[1608] 20/12/2017 -- 20:28:50 - (util-daemon.c:134) (Daemonize) -- [ERRCODE: SC_ERR_DAEMON(87)] - Error changing to working directory
[1607] 20/12/2017 -- 20:28:51 - (util-daemon.c:73) (WaitForChild) -- [ERRCODE: SC_ERR_DAEMON(87)] - Child died unexpectedly

pevma commented 6 years ago

Can you please post the output of "lshw -C network"?

pevma commented 6 years ago

Have you changed the names of any output directories or their permissions?

iamburakcinar commented 6 years ago

Hi again,

After checking your command output I realized that the 10Gbit driver was not installed on the SELKS VM. I installed the firmware-bnx2x_0.43_all.deb package but it's still the same.

I'm using a QLogic 57810 10Gb Ethernet SFP+ x 2 card.

root@selks-vm:~# lshw -C network
  *-network:0
       description: Ethernet interface
       product: 82545EM Gigabit Ethernet Controller (Copper)
       vendor: Intel Corporation
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: ens32
       version: 01
       serial: 00:50:56:b3:c3:40
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 66MHz
       capabilities: pm pcix bus_master cap_list rom ethernet physical logical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k8-NAPI duplex=full ip=172.20.18.249 latency=0 link=yes mingnt=255 multicast=yes port=twisted pair speed=1Gbit/s
       resources: irq:18 memory:fd5c0000-fd5dffff memory:fdff0000-fdffffff ioport:2000(size=64) memory:fd500000-fd50ffff
  *-network:1
       description: Ethernet interface
       product: 82545EM Gigabit Ethernet Controller (Copper)
       vendor: Intel Corporation
       physical id: 1
       bus info: pci@0000:02:01.0
       logical name: ens33
       version: 01
       serial: 00:50:56:b3:e4:8c
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 66MHz
       capabilities: pm pcix bus_master cap_list rom ethernet physical logical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k8-NAPI duplex=full latency=0 link=yes mingnt=255 multicast=yes port=twisted pair speed=1Gbit/s
       resources: irq:19 memory:fd5a0000-fd5bffff memory:fdfe0000-fdfeffff ioport:2040(size=64) memory:fd510000-fd51ffff
root@selks-vm:~#

iamburakcinar commented 6 years ago

Everything seems fine but still no data.

root@selks:~# systemctl restart suricata
root@selks:~# lspci | grep -iE --color 'network|ethernet'
02:00.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet Controller (Copper) (rev 01)
03:00.0 Ethernet controller: VMware VMXNET3 Ethernet Controller (rev 01)

pevma commented 6 years ago

Can you please share your suricata.log? Any errors there?
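An added example, not from this thread or the SELKS project: a small Python parser for the Suricata 4.0 log-line layout seen in the posted suricata.log, run over a few lines copied from the thread, that pulls out the [ERRCODE: ...] entries and the "Configuration node ... redefined" warnings so the question above (any errors in suricata.log?) can be answered mechanically. The line layout and the meaning of the daemon error are inferred from the posted output only.

```python
import re

# Suricata 4.0 log line, as posted in the thread:
# [pid] dd/mm/yyyy -- HH:MM:SS - (file:line) (Func) -- [ERRCODE: NAME(n)] - message
# The ERRCODE part is absent on informational lines.
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\] (?P<date>\d{2}/\d{2}/\d{4}) -- (?P<time>\d{2}:\d{2}:\d{2}) - "
    r"\((?P<src>[^)]+)\) \((?P<func>[^)]+)\) -- "
    r"(?:\[ERRCODE: (?P<err>[A-Z_0-9]+)\((?P<errnum>\d+)\)\] - )?(?P<msg>.*)$"
)

# Constructed sample: lines copied from the suricata.log posted in this thread.
SAMPLE_LOG = [
    "[1607] 20/12/2017 -- 20:28:50 - (conf-yaml-loader.c:265) (ConfYamlParse) -- Configuration node 'af-packet' redefined.",
    "[1607] 20/12/2017 -- 20:28:50 - (suricata.c:1109) (LogVersion) -- This is Suricata version 4.0.0-dev (rev b8428378)",
    "[1607] 20/12/2017 -- 20:28:50 - (util-ioctl.c:107) (GetIfaceMTU) -- Found an MTU of 1500 for 'ens33'",
    "[1608] 20/12/2017 -- 20:28:50 - (util-daemon.c:134) (Daemonize) -- [ERRCODE: SC_ERR_DAEMON(87)] - Error changing to working directory",
    "[1607] 20/12/2017 -- 20:28:51 - (util-daemon.c:73) (WaitForChild) -- [ERRCODE: SC_ERR_DAEMON(87)] - Child died unexpectedly",
]

def parse_line(line):
    """Split one log line into its fields; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["errnum"] = int(rec["errnum"]) if rec["errnum"] else None
    return rec

def summarize(lines):
    """Collect ERRCODE entries, redefined YAML nodes and whether the daemon child died."""
    errors, redefined, interfaces = [], [], set()
    daemon_died = False
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        if rec["err"]:
            errors.append((rec["pid"], rec["err"], rec["msg"]))
            # The posted log pairs a chdir failure with 'Child died unexpectedly';
            # that is the pair the maintainer's directory/permission question targets.
            if rec["err"] == "SC_ERR_DAEMON" and "Child died" in rec["msg"]:
                daemon_died = True
        elif rec["func"] == "ConfYamlParse" and "redefined" in rec["msg"]:
            redefined.append(rec["msg"].split("'")[1])
        elif rec["func"] == "GetIfaceMTU":
            interfaces.add(rec["msg"].split("'")[1])  # which interface Suricata actually opened
    return {"errors": errors, "redefined": redefined,
            "interfaces": sorted(interfaces), "daemon_died": daemon_died}
```

Running summarize() over the real log shows at a glance that Suricata only ever opens ens33 and that every start ends with the daemon error, which is a configuration or filesystem problem rather than a capture-card one.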