Suricata

The eve drop facility logs dropped packets, optionally including the alert that triggered the drop. However if the engine drops for other reasons, e.g. the stream engine rejecting a packet, there is no indication of this.

This ticket proposes to add a reason field to the drop records that will give the user insight into where the drop originated.