The daq does not depend on a specific pf_ring version, thus no log in case.
Alfredo > On 10 Mar 2015, at 04:36, Jim Hranicky <[email protected]> wrote: > > Signed PGP part > I did, or at least I think I did. It would be griping at > me in the logs if the versions were mismatched, right? > > Jim > > On 03/09/2015 06:53 PM, Alfredo Cardigliano wrote: > > Hi Jim did you update, recompile, reinstall both libraries and > > daq-zc? > > > > Alfredo > > > >> On 08 Mar 2015, at 20:18, Jim Hranicky <[email protected] > >> <mailto:[email protected]>> wrote: > >> > >> Signed PGP part Same thing: > >> > >> (Event) sensor id: 0 event id: 1 event second: 0 event > >> microsecond: 0 sig id: 2009986 gen id: 1 revision: 2 > >> classification: 21 priority: 1 ip source: XX.XX.XX.XX > >> ip destination: 27.141.202.62 src port: 8247 dest port: 8247 > >> protocol: 17 impact_flag: 0 blocked: 0 > >> > >> > >> Mar 8 14:26:45 sensor kernel: [PF_RING] Welcome to PF_RING > >> 6.0.3 ($Revision: 9060$) Mar 8 14:26:45 sensor kernel: [PF_RING] > >> registered /proc/net/pf_ring/ Mar 8 14:26:45 sensor kernel: > >> [PF_RING] Min # ring slots 4096 Mar 8 14:26:45 sensor kernel: > >> [PF_RING] Slot version 16 Mar 8 14:26:45 sensor kernel: > >> [PF_RING] Capture TX Yes [RX+TX] Mar 8 14:26:45 sensor > >> kernel: [PF_RING] IP Defragment No Mar 8 14:26:45 sensor > >> kernel: [PF_RING] Initialized correctly Mar 8 14:28:29 sensor > >> kernel: [PF_RING_IXGBE] Intel(R) 10 Gigabit PCI Express Network > >> Driver - version 3.22.3 Mar 8 14:50:45 sensor kernel: [PF_RING] > >> Welcome to PF_RING 6.0.3 ($Revision: 9060$) Mar 8 14:50:45 > >> sensor kernel: [PF_RING] registered /proc/net/pf_ring/ > >> > >> BTW, I usually edit ixgbe_main.c and add this: > >> > >> ----------------------- Index: ixgbe_main.c > >> =================================================================== > >> > >> > --- ixgbe_main.c (revision 9060) > >> +++ ixgbe_main.c (working copy) 
@@ -80,7 +80,7 @@ > >> > >> char ixgbe_driver_name[] = "ixgbe"; static const char > >> ixgbe_driver_string[] = - "Intel(R) > >> 10 Gigabit PCI Express Network Driver"; + > >> "[PF_RING_IXGBE] Intel(R) 10 Gigabit PCI Express Network > >> Driver"; #define DRV_HW_PERF > >> > >> #define FPGA ----------------------- > >> > >> Helps me know I installed the right driver. Would this be > >> something you'd be interested in? > >> > >> Jim > >> > >> On 03/08/2015 12:31 PM, Alfredo Cardigliano wrote: > >>> Hi Jim software timestamping was disabled for performance > >>> reason, I patched > >> the code (both ZC library and daq-zc) in svn now, > >>> please update and let us know. > >>> > >>> Alfredo > >>> > >>>> On 06 Mar 2015, at 17:40, Jim Hranicky <[email protected] > >> <mailto:[email protected]>> wrote: > >>>> > >>>> So I'm testing the snort zc daq, and it seems to be working. > >>>> Unfortunately, it seems snort is writing out events with a > >>>> null timestamp: > >>>> > >>>> (Event) sensor id: 0 event id: 1 event second: 0 > >>>> event > >> microsecond: 0 > >>>> sig id: 2008583 gen id: 1 revision: 4 > >> classification: 33 > >>>> priority: 1 ip source: XX.XX.XX.XX ip destination: > >> 41.58.217.229 > >>>> src port: 38752 dest port: 6882 protocol: 17 impact_flag: > >> 0 blocked: 0 > >>>> > >>>> Going back to pfring_daq I get timestamps again: > >>>> > >>>> (Event) sensor id: 0 event id: 1 event second: > >>>> 1425659634 > >> event microsecond: 670130 > >>>> sig id: 2008581 gen id: 1 revision: 3 > >> classification: 33 > >>>> priority: 1 ip source: XX.XX.XX.XX ip destination: > >> 5.141.224.27 > >>>> src port: 45704 dest port: 48566 protocol: 17 > >> impact_flag: 0 blocked: 0 > >>>> > >>>> Any ideas? 
> >>>> > >>>> -- Jim Hranicky Data Security Specialist UF Information > >>>> Technology 105 NW 16TH ST Room #104 GAINESVILLE FL > >>>> 32603-1826 352-273-1341 Information Security Office > >>>> _______________________________________________ Ntop-misc > >>>> mailing list [email protected] > >>>> <mailto:[email protected]> > >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
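Review bot: the "[PF_RING_IXGBE] " tag in the ixgbe_main.c hunk is hard-coded into the ixgbe_driver_string literal with no comment saying that it marks the PF_RING-aware build, so a later merge of the upstream driver can drop it or conflict on this line without anyone noticing. Consider defining the prefix once as a macro with a one-line comment and concatenating it into the string, for example `PF_RING_DRV_TAG "Intel(R) 10 Gigabit PCI Express Network Driver"` (the macro name is only a suggestion), so the stock description text stays byte-identical for anything that matches on it in the kernel log.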
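Added example (not part of the original thread, and not ntop or Snort code): a check that flags event dumps whose timestamp is zero, the symptom reported above after switching to daq-zc. It assumes the text layout of the (Event) records quoted in the thread; the function names are hypothetical.

```python
import re

# Two records copied from the thread (addresses were already redacted there);
# the line layout is reconstructed for this example.
SAMPLE = """\
(Event)
sensor id: 0 event id: 1 event second: 0 event microsecond: 0
sig id: 2008583 gen id: 1 revision: 4 classification: 33
priority: 1 ip source: XX.XX.XX.XX ip destination: 41.58.217.229
(Event)
sensor id: 0 event id: 1 event second: 1425659634 event microsecond: 670130
sig id: 2008581 gen id: 1 revision: 3 classification: 33
priority: 1 ip source: XX.XX.XX.XX ip destination: 5.141.224.27
"""

# Only the fields needed to judge the timestamp and identify the rule.
FIELD = re.compile(r"(event second|event microsecond|sig id|gen id):\s*(\d+)")


def parse_events(text):
    """Split a dump on '(Event)' markers and extract the numeric fields."""
    events = []
    for chunk in text.split("(Event)")[1:]:
        events.append({name: int(value) for name, value in FIELD.findall(chunk)})
    return events


def null_timestamp_events(events):
    """Return the events whose seconds field is missing or zero."""
    return [e for e in events if e.get("event second", 0) == 0]


def summarize(text):
    """Count events and report which signature ids were logged without a time."""
    events = parse_events(text)
    bad = null_timestamp_events(events)
    return {
        "total": len(events),
        "null_ts": len(bad),
        "sig_ids": sorted(e["sig id"] for e in bad if "sig id" in e),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report)
    # A non-zero count means alerts cannot be placed on a timeline.
    raise SystemExit(1 if report["null_ts"] else 0)
```

Run against a dump taken right after changing the DAQ, a non-zero exit status shows that alerts are being written without usable timestamps before they reach correlation or forensics.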
