Feature #1885: eve: add option to log all dropped packets - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #1885

closed

eve: add option to log all dropped packets

Added by Victor Julien over 7 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

3.1.2

Effort:

Difficulty:

Label:

Description

By default Suricata 3.1.1 and older will not log every dropped packet. When a flow is dropped only the first dropped packet in each direction is logged.

Add an option to change this behavior:

- drop:
    alerts: yes      # log alerts that caused drops
    flows: all       # start or all: 'start' logs only a single drop
                     # per flow direction. All logs each dropped pkt.

Implemented in commit 2997d086bea41349d05fcff176afd15ebd1d09ef https://github.com/inliniac/suricata/pull/2225

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #1885

eve: add option to log all dropped packets