-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Same thing: 

  (Event)
        sensor id: 0    event id: 1     event second: 0 event microsecond: 0
        sig id: 2009986 gen id: 1       revision: 2      classification: 21
        priority: 1     ip source: XX.XX.XX.XX       ip destination: 27.141.202.62
        src port: 8247  dest port: 8247 protocol: 17    impact_flag: 0  blocked: 0


    Mar  8 14:26:45 sensor kernel: [PF_RING] Welcome to PF_RING 6.0.3 ($Revision: 9060$)
    Mar  8 14:26:45 sensor kernel: [PF_RING] registered /proc/net/pf_ring/
    Mar  8 14:26:45 sensor kernel: [PF_RING] Min # ring slots 4096
    Mar  8 14:26:45 sensor kernel: [PF_RING] Slot version     16
    Mar  8 14:26:45 sensor kernel: [PF_RING] Capture TX       Yes [RX+TX]
    Mar  8 14:26:45 sensor kernel: [PF_RING] IP Defragment    No
    Mar  8 14:26:45 sensor kernel: [PF_RING] Initialized correctly
    Mar  8 14:28:29 sensor kernel: [PF_RING_IXGBE] Intel(R) 10 Gigabit PCI Express Network Driver - version 3.22.3
    Mar  8 14:50:45 sensor kernel: [PF_RING] Welcome to PF_RING 6.0.3 ($Revision: 9060$)
    Mar  8 14:50:45 sensor kernel: [PF_RING] registered /proc/net/pf_ring/

BTW, I usually edit ixgbe_main.c and add this: 

- -----------------------
Index: ixgbe_main.c
===================================================================
- --- ixgbe_main.c        (revision 9060)
+++ ixgbe_main.c        (working copy)
@@ -80,7 +80,7 @@
 
 char ixgbe_driver_name[] = "ixgbe";
 static const char ixgbe_driver_string[] =
- -                             "Intel(R) 10 Gigabit PCI Express Network 
Driver";
+                             "[PF_RING_IXGBE] Intel(R) 10 Gigabit PCI Express 
Network Driver";
 #define DRV_HW_PERF
 
 #define FPGA
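Review bot: the string literal on the `-` and `+` lines is wrapped onto a second line (`Driver";` and `Network Driver";`) and the removed line arrives as `- -` because of the clear-sign dash escaping, so this hunk will not apply as posted; attach the diff or send it unwrapped outside the signed body. On the change itself, the `[PF_RING_IXGBE]` prefix is hard-coded into `ixgbe_driver_string` with nothing marking it as a local addition, so a one-line comment above the string would help keep it from being lost the next time the driver source is refreshed.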
- -----------------------

Helps me know I installed the right driver. Would this be something
you'd be interested in?

Jim

On 03/08/2015 12:31 PM, Alfredo Cardigliano wrote:
> Hi Jim
> software timestamping was disabled for performance reasons, I patched the code 
> (both ZC library and daq-zc) in svn now,
> please update and let us know.
> 
> Alfredo
> 
>> On 06 Mar 2015, at 17:40, Jim Hranicky <[email protected]> wrote:
>>
>> So I'm testing the snort zc daq, and it seems to be working.
>> Unfortunately, it seems snort is writing out events with a
>> null timestamp:
>>
>>  (Event)
>>        sensor id: 0    event id: 1     event second: 0 event microsecond: 0
>>        sig id: 2008583 gen id: 1       revision: 4      classification: 33
>>        priority: 1     ip source: XX.XX.XX.XX  ip destination: 41.58.217.229
>>        src port: 38752 dest port: 6882 protocol: 17    impact_flag: 0  blocked: 0
>>
>> Going back to pfring_daq I get timestamps again:
>>
>>  (Event)
>>        sensor id: 0    event id: 1     event second: 1425659634        event microsecond: 670130
>>        sig id: 2008581 gen id: 1       revision: 3      classification: 33
>>        priority: 1     ip source: XX.XX.XX.XX ip destination: 5.141.224.27
>>        src port: 45704 dest port: 48566        protocol: 17    impact_flag: 0  blocked: 0
>>
>> Any ideas?
>>
>> --
>> Jim Hranicky
>> Data Security Specialist
>> UF Information Technology
>> 105 NW 16TH ST Room #104 GAINESVILLE FL 32603-1826
>> 352-273-1341
>> Information Security Office
>> _______________________________________________
>> Ntop-misc mailing list
>> [email protected]
>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iF4EAREIAAYFAlT8oHUACgkQCGX2wHRYUXSyOAD/RVrAXRhGr60itInjHR/JQM53
3TnpCWq0KzFIfnt4XbUA/2XJrikcUX1OWh62wP6979xfcoPMSzBkrDcTsMQBGWM1
=D65Q
-----END PGP SIGNATURE-----
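
A check a sensor operator could run after switching DAQ modules, as an added example that is not part of the original thread or of the PF_RING/Snort code: it parses event dumps in the format quoted above, including lines wrapped by a mailer or terminal, and flags events whose `event second` is 0. The sample dump (with documentation-range addresses) and all function names are constructed for illustration, and the dump is assumed to contain only `(Event)` records.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the dump format quoted in the thread; the addresses
# are documentation-range placeholders, and one line is wrapped on purpose.
SAMPLE = """\
(Event)
        sensor id: 0    event id: 1     event second: 0 event microsecond: 0
        sig id: 2009986 gen id: 1       revision: 2      classification: 21
        priority: 1     ip source: 192.0.2.10   ip destination: 198.51.100.7
        src port: 8247  dest port: 8247 protocol: 17    impact_flag: 0  blocked: 0

(Event)
        sensor id: 0    event id: 2     event second: 1425659634        event
microsecond: 670130
        sig id: 2008581 gen id: 1       revision: 3      classification: 33
        priority: 1     ip source: 192.0.2.10   ip destination: 198.51.100.9
        src port: 45704 dest port: 48566        protocol: 17    impact_flag: 0  blocked: 0
"""

# "key: value" pairs; a key is one or more lowercase words, a value has no spaces.
FIELD = re.compile(r"([a-z_]+(?: [a-z_]+)*): *(\S+)")

def parse_events(dump):
    """Split a dump on the (Event) marker and return one field dict per event."""
    events = []
    for chunk in dump.split("(Event)")[1:]:
        text = " ".join(chunk.split())  # collapse whitespace, undoing line wraps
        events.append(dict(FIELD.findall(text)))
    return events

def null_timestamp_events(events):
    """Events whose 'event second' is 0 or missing: no timestamp was recorded."""
    return [e for e in events if int(e.get("event second", "0")) == 0]

def describe(event):
    """One-line summary with the timestamp rendered in UTC."""
    sec, usec = int(event["event second"]), int(event["event microsecond"])
    when = "NO TIMESTAMP" if sec == 0 else datetime.fromtimestamp(
        sec, tz=timezone.utc).replace(microsecond=usec).isoformat()
    return f"event {event['event id']} sid {event['gen id']}:{event['sig id']} {when}"

if __name__ == "__main__":
    parsed = parse_events(SAMPLE)
    for ev in parsed:
        print(describe(ev))
    print(f"{len(null_timestamp_events(parsed))} of {len(parsed)} events lack a timestamp")
```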