Feature #5202: eve/drop: include drop "reason" - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #5202

closed

eve/drop: include drop "reason"

Added by Victor Julien over 2 years ago. Updated over 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Victor Julien

Target version:

7.0.0-beta1

Effort:

Difficulty:

Label:

Description

The eve drop facility logs dropped packets, optionally including the alert that triggered the drop. However if the engine drops for other reasons, e.g. the stream engine rejecting a packet, there is no indication of this.

This ticket proposes to add a reason field to the drop records that will give the user insight into where the drop originated.

Related issues 1 (1 open — 0 closed)

Actions

Copy link

Updated by Victor Julien over 2 years ago

Related to Task #4773: research: IPS behavior wrt resource limits added

Actions

Copy link

Updated by Victor Julien over 2 years ago

Status changed from Assigned to In Progress

Actions

Copy link

Updated by Victor Julien over 2 years ago

Status changed from In Progress to Closed

https://github.com/OISF/suricata/pull/7510/commits/716bdb70dd5bf624d080d5d3841a84c4a57b45cb

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #5202

eve/drop: include drop "reason"

Updated by Victor Julien over 2 years ago

Updated by Victor Julien over 2 years ago

Updated by Victor Julien over 2 years ago