Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000035134 - VLAN ID is not being populated on the Packet Decoder after upgrading to RSA Security Analytics 10.6.2

Document created by RSA Customer Support

on May 12, 2017

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000035134
Applies To	RSA Product Set: Security Analytics, NetWitness Logs and Packets RSA Product/Service Type: Packet Decoder RSA Version/Condition: 10.6.2, 10.6.3, 10.6.4 Platform: CentOS O/S Version: 6 Product Name: null Product Description: null
Issue	After upgrading to RSA Security Analytics 10.6.2 the VLAN tags are no longer being captured.
Cause	Although the root cause has not yet been confirmed, it is suspected that the issue might be with the linux kernel. uname -r 2.6.32-642.6.2.el6.x86_64 rpm -qa \| grep pfring pfring-6.0.3-8598.2.6.32.642.6.2.el6.x86_64
Resolution
Workaround	The workaround is to set rxvlan off on the affected interfaces using ethtool as shown in the example below. ethtool -K eth4 rxvlan off ethtool -K eth5 rxvlan off

Attachments

Outcomes

0 Comments

Recommended Content