Optimization #5121
Parent task: Bug #5124 (closed): alerts: 5.0.8/6.0.4 count noalert sigs towards built-in alert limit (5.0.x backport)
Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Description
Currently, PACKET_ALERT_MAX is hardcoded to 15.
This turned out to be a problem writing an S-V test, with many signatures (different variations of a feature) matching on the same packet.
That was HTTP keywords on HTTP2 traffic, where I had one packet containing 3 requests.
It would be nice to have this value be configurable from suricata.yaml.
Updated by Jeff Lucovsky almost 3 years ago
- Copied from Optimization #4207: Use configurable or more dynamic @ PACKET_ALERT_MAX@ added
Updated by Juliana Fajardini Reichow over 2 years ago
- Target version changed from 7.0.0-beta1 to 5.0.10
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from New to In Progress
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from In Progress to In Review
PR for review: https://github.com/OISF/suricata/pull/7379
Updated by Juliana Fajardini Reichow over 2 years ago
- Subject changed from Use configurable or more dynamic @ PACKET_ALERT_MAX@ to Use configurable or more dynamic @ PACKET_ALERT_MAX@ (5.0.x backport)
Updated by Victor Julien over 2 years ago
- Parent task changed from #5120 to #5124
Updated by Juliana Fajardini Reichow over 2 years ago
Merged PR: https://github.com/OISF/suricata/pull/7394
Updated by Juliana Fajardini Reichow over 2 years ago
- Status changed from In Review to Closed