Project

General

Custom queries

Profile

Actions
Copy link

Task #3301

open

Research: Failover support within the current IPS implementation

Added by Andreas Herz over 5 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
Community Ticket
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Failover support would make sure that if there are multiple Suricata instances and one of those disappears, the other Suricata IPS instances would 'do the right thing'. What doing the right thing is is an open question. Some of the ideas:

  • sync flow table so that flow tracking would stay active
  • sync 'drop settings' per flow/host/etc
  • sync thresholding
  • datasets?

I think one of the first things that needs to be done is analyze how Suricata currently works in a IPS failover case.

Related issues 2 (2 open0 closed)

Related to Suricata - Task #3288: Suricon 2019 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #3316: Unix socket: support dumping flow tableFeedbackCommunity TicketActions
#1

Updated by Victor Julien over 5 years ago

  • Description updated (diff)
  • Assignee changed from OISF Dev to Community Ticket
#3

Updated by Victor Julien over 5 years ago

  • Parent task deleted (#3288)
#4

Updated by Victor Julien over 5 years ago

  • Related to Task #3288: Suricon 2019 brainstorm added
#5

Updated by Victor Julien over 4 years ago

  • Related to Feature #3316: Unix socket: support dumping flow table added
Actions
Copy link

Also available in: Atom PDF