Hello! Nice suggestion to change the driver name! Because I sometimes did not remember which driver was loaded :(
On Sun, Mar 8, 2015 at 10:18 PM, Jim Hranicky <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Same thing: > > (Event) > sensor id: 0 event id: 1 event second: 0 event microsecond: 0 > sig id: 2009986 gen id: 1 revision: 2 classification: 21 > priority: 1 ip source: XX.XX.XX.XX ip destination: > 27.141.202.62 > src port: 8247 dest port: 8247 protocol: 17 impact_flag: 0 > blocked: 0 > > > Mar 8 14:26:45 sensor kernel: [PF_RING] Welcome to PF_RING 6.0.3 > ($Revision: 9060$) > Mar 8 14:26:45 sensor kernel: [PF_RING] registered /proc/net/pf_ring/ > Mar 8 14:26:45 sensor kernel: [PF_RING] Min # ring slots 4096 > Mar 8 14:26:45 sensor kernel: [PF_RING] Slot version 16 > Mar 8 14:26:45 sensor kernel: [PF_RING] Capture TX Yes [RX+TX] > Mar 8 14:26:45 sensor kernel: [PF_RING] IP Defragment No > Mar 8 14:26:45 sensor kernel: [PF_RING] Initialized correctly > Mar 8 14:28:29 sensor kernel: [PF_RING_IXGBE] Intel(R) 10 Gigabit PCI > Express Network Driver - version 3.22.3 > Mar 8 14:50:45 sensor kernel: [PF_RING] Welcome to PF_RING 6.0.3 > ($Revision: 9060$) > Mar 8 14:50:45 sensor kernel: [PF_RING] registered /proc/net/pf_ring/ > > BTW, I usually edit ixgbe_main.c and add this: > > - ----------------------- > Index: ixgbe_main.c > =================================================================== > - --- ixgbe_main.c (revision 9060) > +++ ixgbe_main.c (working copy) 
> @@ -80,7 +80,7 @@ > > char ixgbe_driver_name[] = "ixgbe"; > static const char ixgbe_driver_string[] = > - - "Intel(R) 10 Gigabit PCI Express Network > Driver"; > + "[PF_RING_IXGBE] Intel(R) 10 Gigabit PCI > Express Network Driver"; > #define DRV_HW_PERF > > #define FPGA > - ----------------------- > > Helps me know I installed the right driver. Would this be something > you'd be interested in? > > Jim > > On 03/08/2015 12:31 PM, Alfredo Cardigliano wrote: >> Hi Jim >> software timestamping was disabled for performance reason, I patched the >> code (both ZC library and daq-zc) in svn now, >> please update and let us know. >> >> Alfredo >> >>> On 06 Mar 2015, at 17:40, Jim Hranicky <[email protected]> wrote: >>> >>> So I'm testing the snort zc daq, and it seems to be working. >>> Unfortunately, it seems snort is writing out events with a >>> null timestamp: >>> >>> (Event) >>> sensor id: 0 event id: 1 event second: 0 event microsecond: 0 >>> sig id: 2008583 gen id: 1 revision: 4 classification: 33 >>> priority: 1 ip source: XX.XX.XX.XX ip destination: 41.58.217.229 >>> src port: 38752 dest port: 6882 protocol: 17 impact_flag: 0 >>> blocked: 0 >>> >>> Going back to pfring_daq I get timestamps again: >>> >>> (Event) >>> sensor id: 0 event id: 1 event second: 1425659634 >>> event microsecond: 670130 >>> sig id: 2008581 gen id: 1 revision: 3 classification: 33 >>> priority: 1 ip source: XX.XX.XX.XX ip destination: 5.141.224.27 >>> src port: 45704 dest port: 48566 protocol: 17 impact_flag: >>> 0 blocked: 0 >>> >>> Any ideas? 
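Review bot: In the hunk at @@ -80,7 +80,7 @@ of ixgbe_main.c, the "[PF_RING_IXGBE]" tag is added only to ixgbe_driver_string, while ixgbe_driver_name in the context line just above stays "ixgbe". The tag therefore shows up only in the banner printed at load time (the "[PF_RING_IXGBE] Intel(R) 10 Gigabit PCI Express Network Driver - version 3.22.3" line in the kernel log quoted above), and anything that identifies the driver by its name still cannot tell the PF_RING-aware build from the stock one. If the goal is to confirm which driver is installed, consider defining the prefix once as a macro and documenting next to it that the driver name is deliberately left unchanged, instead of hard-coding the literal into the string. Separately, the patch as posted sits inside a PGP clearsigned body, so its "---" header and "-" line are dash-escaped ("- ---", "- -") and the string literal is wrapped across lines; it will not apply as quoted and should be resent as an attachment or outside the signed text.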
>>> >>> -- >>> Jim Hranicky >>> Data Security Specialist >>> UF Information Technology >>> 105 NW 16TH ST Room #104 GAINESVILLE FL 32603-1826 >>> 352-273-1341 >>> Information Security Office >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> >> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iF4EAREIAAYFAlT8oHUACgkQCGX2wHRYUXSyOAD/RVrAXRhGr60itInjHR/JQM53 > 3TnpCWq0KzFIfnt4XbUA/2XJrikcUX1OWh62wP6979xfcoPMSzBkrDcTsMQBGWM1 > =D65Q > -----END PGP SIGNATURE----- -- Sincerely yours, Pavel Odintsov
