Project

General

Profile

Actions
Copy link

Feature #1154

closed

Get the rule when packets are dropped

Added by JP Pozzi about 10 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Victor Julien
Target version:
2.1beta4
Effort:
Difficulty:
Label:

Description

Hello,

Two remarks :

1) It will be handy to have the rule number in the file "drop.log" when packets are dropped in IPS mode.

2) Another handy thing will be to have a special level (other than 1,2 or 3) sent to barnyard file for
dropped packets, for example level "0" to see them easily in the Web interface (I am using Snorby).

Regards

JP P

PS :

I compile today the 2.0 version and all seems to be working OK in IPS mode.

I get 8MO/sec on the network (#max for my link) with 120/150% CPU on my Firewall,
System is CoreI3 4130 with 8Gb RAM.

Actions
Copy link
 #1

Updated by Victor Julien about 10 years ago

  • Target version changed from 2.0.1rc1 to TBD
Actions
Copy link
 #2

Updated by Victor Julien almost 9 years ago

  • Status changed from New to Closed
  • Assignee set to Victor Julien
  • Target version changed from TBD to 3.0RC1
  • % Done changed from 0 to 100

In the 2.1 branch we now optionally can add sigs (even noalert sigs to drop logs).

Actions
Copy link
 #3

Updated by Victor Julien almost 9 years ago

  • Target version changed from 3.0RC1 to 2.1beta4
Actions
Copy link

Also available in: Atom PDF