List: oisf-users
Subject: Re: [Oisf-users] Problems starting Suricata
From: Amar Rathore - CounterSnipe Systems <amar () countersnipe ! com>
Date: 2017-10-25 21:36:08
Message-ID: 880676498.64500.1508967368420 () webmail ! networksolutionsemail ! com
Hi Charles
If that works for you, is the fix not achievable by setting those options in configuration files using the ETHTOOL_OPTS parameter?
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html
Moreover, I would be interested in learning as to how you arrived at that resolution in the first place?
Amar
> On October 25, 2017 at 12:13 PM Charles Devoe <Charles.Devoe@cisecurity.org> wrote:
>
>
> I have a Dell R630 system with an Intel X710 DP 10 GB DA/SFP+ + I350 DP 1GB Daughter card and an Intel X710 Dual Port 10GB PCI Card.
> It is running Red Hat 6.8 kernel 3.8.13-118.8.1.el6uek.x86_64, Suricata 3.0
>
>
>
> NIC driver: i40e, version: 2.2.4 Latest firmware.
>
>
> When the system boots the NIC cards will only observe broadcast traffic. In order for the card to receive all traffic being forwarded to it I have to do the following
> 1. Stop em1, em2, p3p1, p3p2 (ifdown)
> 2. modprobe -r i40e
>
> 3. modprobe i40e
>
> 4. Configure the interfaces
>
> ethtool -K em1 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
> ethtool -L em1 combined 1
>
> ethtool -K em2 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
> ethtool -L em2 combined 1
>
> ethtool -K p3p1 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
> ethtool -L p3p1 combined 1
>
> ethtool -K p3p2 tso off gro off ufo off lro off gso off rx off tx off rxvlan off txvlan off
> ethtool -L p3p2 combined 1
>
> 5. Bring the interfaces up (ifup)
> 6. Start Suricata
>
> We have 100+ sensors with Intel cards in them with no issues.
>
> Has anyone experienced this issue and is there a fix????
Kind regards
Amar Rathore
CounterSnipe Systems LLC
Tel: +1 617 701 7213
Mobile: +44 (0) 7876 233333
Skype ID: amarrathore
Web: www.countersnipe.com <http://www.countersnipe.com/>
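
One way the ETHTOOL_OPTS approach suggested in this reply could look, together with a check that the offloads from the quoted procedure are really off once an interface is up. This is an added example, not part of the original message; it assumes an initscripts version that accepts semicolon-separated ethtool commands in ETHTOOL_OPTS, and the sample `ethtool -k` output is constructed.

```bash
#!/bin/bash
# Added example, not from the thread. Interface names and the offload list
# are taken from the quoted post; everything else is illustrative.
IFACES="em1 em2 p3p1 p3p2"
OFFLOADS="tso gro ufo lro gso rx tx rxvlan txvlan"
WANT="tcp-segmentation-offload generic-receive-offload udp-fragmentation-offload"
WANT="$WANT large-receive-offload generic-segmentation-offload rx-checksumming"
WANT="$WANT tx-checksumming rx-vlan-offload tx-vlan-offload"

# Emit the ETHTOOL_OPTS line for /etc/sysconfig/network-scripts/ifcfg-<dev>.
# Assumption: the installed initscripts split ETHTOOL_OPTS on ';' and pass
# entries that start with '-' straight to ethtool.
ethtool_opts_line() {
    local dev="$1" opts="-K $1" f
    for f in $OFFLOADS; do opts="$opts $f off"; done
    printf 'ETHTOOL_OPTS="%s; -L %s combined 1"\n' "$opts" "$dev"
}

# Read `ethtool -k <dev>` output on stdin and print each offload from the
# post's list that is still enabled. No output means all of them are off.
offloads_still_on() {
    awk -F': ' -v want="$WANT" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) watched[w[i]] = 1 }
        { name = $1; sub(/^[ \t]+/, "", name) }
        (name in watched) && $2 ~ /^on/ { print name }'
}

# Constructed sample of `ethtool -k em1` output (not captured from a real host).
SAMPLE_ETHTOOL_K='Features for em1:
rx-checksumming: off
tx-checksumming: off
scatter-gather: on
tcp-segmentation-offload: off
udp-fragmentation-offload: off [fixed]
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on'

# On a sensor run with --check (needs ethtool and the real interfaces);
# without arguments the parser runs over the constructed sample.
if [ "${1:-}" = "--check" ]; then
    for dev in $IFACES; do
        ethtool_opts_line "$dev"
        ethtool -k "$dev" | offloads_still_on | sed "s/^/$dev still on: /"
    done
else
    printf '%s\n' "$SAMPLE_ETHTOOL_K" | offloads_still_on
fi
```

Whether persisting the options this way removes the need for the driver reload in the quoted procedure is not settled in this message.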