Feature #5202

closed

eve/drop: include drop "reason"

Added by Victor Julien 7 months ago. Updated 4 months ago.

Status: Closed
Priority: Normal

Description

The eve drop facility logs dropped packets, optionally including the alert that triggered the drop. However, if the engine drops for other reasons, e.g. the stream engine rejecting a packet, there is no indication of this.

This ticket proposes to add a reason field to the drop records that will give the user insight into where the drop originated.
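An added example, not part of the ticket or the project's code: a small triage script that groups eve drop records by the proposed reason and separates out drops that carry no alert. The `drop.reason` key and its values, along with all sample lines, are constructed assumptions about how the field would be emitted.

```python
import json
from collections import Counter

# Constructed sample eve.json lines (not real traffic). The "reason" key inside
# "drop" and the values "rules" / "stream error" are assumptions.
SAMPLE_EVE = [
    '{"timestamp":"2022-01-01T00:00:01+0000","event_type":"drop","src_ip":"192.0.2.10",'
    '"dest_ip":"198.51.100.5","proto":"TCP","drop":{"len":60,"reason":"rules"},'
    '"alert":{"signature_id":1000001,"signature":"constructed test rule"}}',
    '{"timestamp":"2022-01-01T00:00:02+0000","event_type":"drop","src_ip":"192.0.2.11",'
    '"dest_ip":"198.51.100.5","proto":"TCP","drop":{"len":52,"reason":"stream error"}}',
    '{"timestamp":"2022-01-01T00:00:03+0000","event_type":"drop","src_ip":"192.0.2.11",'
    '"dest_ip":"198.51.100.5","proto":"TCP","drop":{"len":52,"reason":"stream error"}}',
    '{"timestamp":"2022-01-01T00:00:04+0000","event_type":"alert","src_ip":"192.0.2.12",'
    '"dest_ip":"198.51.100.5","proto":"TCP","alert":{"signature_id":1000002}}',
    # Record without the reason field, as an older engine would log it.
    '{"timestamp":"2022-01-01T00:00:05+0000","event_type":"drop","src_ip":"192.0.2.13",'
    '"dest_ip":"198.51.100.5","proto":"UDP","drop":{"len":40}}',
    # Truncated line, e.g. read while the log was being written or rotated.
    '{"timestamp":"2022-01-01T00:00:06',
]

def summarize_drops(lines):
    """Return (Counter of drops per reason, list of drop events with no alert)."""
    by_reason = Counter()
    no_alert = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partial lines instead of aborting the whole run
        if event.get("event_type") != "drop":
            continue
        # Records that predate the field are counted as "unknown".
        reason = event.get("drop", {}).get("reason", "unknown")
        by_reason[reason] += 1
        if "alert" not in event:
            no_alert.append(event)  # a drop that no rule explains
    return by_reason, no_alert

if __name__ == "__main__":
    counts, no_alert = summarize_drops(SAMPLE_EVE)
    for reason, n in counts.most_common():
        print(f"{n:4d}  {reason}")
    print(f"{len(no_alert)} drop(s) without an accompanying alert")
```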


Related issues 1 (1 open, 0 closed)

Related to Task #4773: research: IPS behavior wrt resource limits (status: New)

#1

Updated by Victor Julien 6 months ago

  • Related to Task #4773: research: IPS behavior wrt resource limits added
#2

Updated by Victor Julien 4 months ago

  • Status changed from Assigned to In Progress