Suricata

When managing a few thousand rules with a mixed drop/reject policy it might be useful for fast.log to show if a packet has been dropped or rejected, at the moment it can only show drop.

for example:

reject http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related"; flow:established,to_server; content:".su|0d 0a|"; http_header; pcre:"/Host\x3A\x20[^\r\n]*\x2Esu\x0D\x0A/H"; reference:url,www.abuse.ch/?p=3581; classtype:trojan-activity; sid:2014170; rev:2;)

Shows this in fast.log

12/21/2016-17:23:33.897239 [Drop] [**] [1:2014170:2] ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.2.12:12507 -> 104.25.73.38:80