Feature #4573: add IPS drop total to eve log output - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4573

closed

add IPS drop total to eve log output

Added by Corey Thomas over 2 years ago. Updated 7 months ago.

Status:

Rejected

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

TBD

Effort:

Difficulty:

Label:

Description

It would be useful to have the stats metric for total IPS drops in eve output. Probably similar to the alert count as part of suricata engine output. The field name should be clear that it's ips or alert drops.

e.g.

{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"Alerts: 56893"}}
{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"IPS_Drops: 100"}}

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4573

add IPS drop total to eve log output

Updated by Victor Julien over 2 years ago

Updated by Jeff Lucovsky almost 2 years ago

Updated by Jeff Lucovsky 7 months ago

Updated by Jeff Lucovsky 7 months ago

Updated by Victor Julien 7 months ago

Updated by Jeff Lucovsky 7 months ago

Updated by Corey Thomas 7 months ago

Updated by Jeff Lucovsky 7 months ago