interface left/entered left promiscuous mode

[redbaron-gt]

My syslog is full of this:

May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 left promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 left promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 left promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 left promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 left promiscuous mode
May 11 18:27:10 mail-migrate kernel: device ens160 entered promiscuous

Why software behaves like this and is there any solution?

[smitmartijn]

That is the IP spoof at work. Because roneo spoofs the reporter IP (original NetFlow source), the packets roneo sends to the target collectors need promiscuous mode. You can filter these messages out, depending on your syslog daemon. Here's an example for rsyslog: http://www.rsyslog.com/doc-rsyslog_conf_filter.html