Project

General

Custom queries

Profile

Actions

Optimization #5121

closed

Bug #5124: alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)

Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)

Added by Jeff Lucovsky almost 3 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Target version:
Effort:
Difficulty:
Label:

Description

Currently, PACKET_ALERT_MAX is hardcoded to 15

This turned out to be a problem writing S-V test, with many signatures (different variations of a feature) matching on the same packet
That was HTTP keywords on HTTP2 traffic, where I had one packet containing 3 requests

It would be nice to have this value be configurable from suricata.yaml


Related issues 1 (0 open1 closed)

Copied from Suricata - Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@ClosedJuliana Fajardini ReichowActions
Actions #1

Updated by Jeff Lucovsky almost 3 years ago

  • Copied from Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@ added
Actions #2

Updated by Juliana Fajardini Reichow over 2 years ago

  • Target version changed from 7.0.0-beta1 to 5.0.10
Actions #3

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from New to In Progress
Actions #4

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from In Progress to In Review
Actions #5

Updated by Juliana Fajardini Reichow over 2 years ago

  • Subject changed from Use configurable or more dynamic @ PACKET_ALERT_MAX@ to Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Actions #6

Updated by Victor Julien over 2 years ago

  • Parent task changed from #5120 to #5124
Actions #8

Updated by Juliana Fajardini Reichow over 2 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF