ngms17

Results 17 comments of ngms17

root@suricata:~# tail /var/log/suricata/suricata.log 2/11/2020 -- 02:20:45 - - Initializing PCAP ring buffer for /data/nsm//log.%n.%t.pcap. 2/11/2020 -- 02:20:45 - - Ring buffer initialized with 19 files. 2/11/2020 -- 02:20:45 - -...

For now, it seems to be running ok. It has been running for over 1h. I found a possible solution by doubling the "strem-mem-cap". I will keep this ticket open....

Well, it lasted 8h. This is the output. selks-user@suricata:~$ sudo dpkg -l | grep suricata ii suricata 1:2020100901-0stamus0 amd64 Suricata open source multi-thread IDS/IPS/NSM system.

Giving me this error now. selks-user@suricata:~$ tail /var/log/suricata/suricata.log 11/12/2020 -- 21:39:36 - - Error opening dump file /data/nsm//log.10.1607689431.pcap: Permission denied 11/12/2020 -- 21:39:36 - - Error opening dump file /data/nsm//log.10.1607689431.pcap:...

Sure, already making the upgrade. It's very strange because I have a normal installation that followed your guides. First-time setup and upgrade

Suricata seems to be ok for now, but the permission error is still appearing

selks-user@suricata:~$ ls -ld /data/nsm drwxr-xr-x 2 logstash root 16384 Dec 11 20:27 /data/nsm These are the permissions of the folder. And Moloch is not receiving any data

It's running with user logstash, I guess

It would be useful to send the most critical alerts to my team communication channel (slack or email for example). For large networks, the data flow is huge and its...

Ok, thanks for the help. I noticed that evebox takes a lot of time if I filter for the last 12 or 24 hours. I have a lot of indexed...