Bond0 don't have any traffic

[ricamz]

Hi there.

I have SO 2.3.270 on a bare metal. I know it's a bit old, but it should work in this issue.

I receive monitoring traffic in eth1 (only one direction). So if I connect the tcpdump on eth1 I can see traffic flowing by.

But in bond0 I don't see anything:

ifconfig bond0
bond0: flags=5379<UP,BROADCAST,PROMISC,MASTER,MULTICAST> mtu 1500
ether XX:XX:XX:XX:fa:e7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ifconfig eth1
eth1: flags=451<UP,BROADCAST,RUNNING,NOARP,PROMISC> mtu 1500
inet6 fe80::499a:c565:bf68:77ce prefixlen 64 scopeid 0x20
ether XX:XX:XX:XX:ba:3b txqueuelen 1000 (Ethernet)
RX packets 409795571 bytes 333902773987 (310.9 GiB)
RX errors 0 dropped 49732986 overruns 0 frame 0
TX packets 582075 bytes 136674952 (130.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 18 memory 0xfd5a0000-fd5c0000

Although it has some dropped packages, don't seem to be the problem.

I also did the so-monitor-add eth1 without any error.

How can I check where is the problem?

Regards

Ricardo

[reyesj2]

Security Onion 2.3 reached EOL back in April https://blog.securityonion.net/2024/04/security-onion-23-has-reached-end-of.html

There are many great additional features in 2.4 and it is well worth upgrading

[ricamz]

Thank you reyesj2.

I have tried to migrate but I had an issue (#11286 ) that was never answered, so for my needs 2.3 still works better than 2.4 (due to wazuh agents) unless proven otherwise.

Can you point me to checks I can do in order to solve this issue?

Ricardo