Replies: 1 comment
-
|
During setup did you add that interface to your monitor ports? If not you can add it using When you run Do you see your adapter interface listed as a You can try tcpdump on the adapter interface and see if traffic is getting to the sensor. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Version
2.4.140
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4
RAM
16 GB
Storage for /
78 GB
Storage for /nsm
150 GB
Network Traffic Collection
span port
Network Traffic Speeds
1Gbps to 10Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
My monitoring interface (an "Amazon Basics USB 3.0 to 10/100/1000 Gigabit Ethernet Adapter") is blinking, and when I plug the network cable plugged into the mirrored port on my network switch I see traffic in Wireshark, but I don't see any alerts in Security Onion and the "Inbound Monitor Traffic" shows "0.0 Mb/s."
Below is the output of "sudo salt-call state.highstate":
local:
Data failed to compile:
I tried the solution in a previous post of changing the MTU for bond0 from 9216 down to 1500 in "/etc/NetworkManager/system-connections/bond0.nmconnection" and from 9000 down to 1500 in nmtui, and the issue persists.
Please let me know what you think. Thank you!
Guidelines
Beta Was this translation helpful? Give feedback.
All reactions