Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dehaasm
Collaborator

Decrypt monitor interface errors

We have SSL decryption enabled and are sending the traffic to monitor interface (private) to analyze at a SOC.

In the messages log files I see around 30k errors last week which might be some kind of bug, could someone please confirm this?

the error in messges is:

kernel [ERROR]: dat_module_send_error_log: Decrypt and Forward type - Mirror only , recorer_name -eth6, nic_name - eth6, reason - Failed to send packet

Should we invetigate via CP TAC case?

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

When "mirroring" traffic out an interface, there is always the risk that you may overrun the mirror interface.
Especially if traffic from multiple interfaces is being mirrored out a specific port.
This should show in the interface statistics: have you checked (should be similar to show interface eth6 in clish).

0 Kudos
dehaasm
Collaborator

I only see this no errors should I open TAC case what do you think?

Statistics:
TX bytes:232380297797309 packets:229616496289 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:4709248 packets:73582 errors:0 dropped:0 overruns:0 frame:0

0 Kudos
PhoneBoy
Admin
Admin

A TAC case is probably in order just to rule out any issues.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events