Project

General

Profile

Actions
Copy link

Feature #4573

closed
CT JL

add IPS drop total to eve log output

Feature #4573: add IPS drop total to eve log output

Added by Corey Thomas over 4 years ago. Updated over 2 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
TBD
Effort:
Difficulty:
Label:

Description

It would be useful to have the stats metric for total IPS drops in eve output. Probably similar to the alert count as part of suricata engine output. The field name should be clear that it's ips or alert drops.

e.g.

{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"Alerts: 56893"}}
{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"IPS_Drops: 100"}}

Related issues 1 (0 open1 closed)

Related to Suricata - Feature #4756: capture: support ips stats for all IPS capture methodsClosedVictor JulienActions
Actions
Copy link

Also available in: PDF Atom