Project

General

Profile

Actions
Copy link

Documentation #5465

open
VJ VJ

doc/userguide: document terminating behavior of rule actions

Documentation #5465: doc/userguide: document terminating behavior of rule actions

Added by Victor Julien over 3 years ago. Updated 7 months ago.

Status:
Assigned
Priority:
Normal
Assignee:
Victor Julien
Target version:
9.0.0-beta1
Affected Versions:
Effort:
Difficulty:
Label:

Description

Various actions have different "terminating behaviors" in different scenarios.

e.g.:
alert will not terminate, but is limited to a max number of alerts per packet in the output
pass will immediately stop logging more alerts for the same packet and future alerts in the flow
drop will currently log all alerts for a packet, then drop the rest of the flow

Subtasks 1 (1 open0 closed)

Documentation #7918: doc/userguide: document terminating behavior of rule actions (8.0.x backport)AssignedVictor JulienActions

Related issues 2 (2 open0 closed)

Related to Suricata - Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS...AssignedJuliana Fajardini ReichowActions
Related to Suricata - Documentation #7277: doc/actions: clarify 'pass' scope variationsNewOISF DevActions

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #1

Once we have fully documented the current behavior we need to consider if the behavior actually makes sense. If changes are needed we can track that in a new ticket.

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #2

  • Target version changed from 7.0.0-beta1 to 7.0.0-rc1

VJ Updated by Victor Julien over 3 years ago Actions
Copy link
 #3

  • Target version changed from 7.0.0-rc1 to 7.0.0-rc2

JF Updated by Juliana Fajardini Reichow about 3 years ago Actions
Copy link
 #4

  • Tracker changed from Task to Documentation

VJ Updated by Victor Julien about 3 years ago Actions
Copy link
 #5

  • Target version changed from 7.0.0-rc2 to 8.0.0-beta1

VJ Updated by Victor Julien over 1 year ago Actions
Copy link
 #6

  • Assignee changed from Juliana Fajardini Reichow to OISF Dev

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #7

  • Related to Documentation #5554: userguide: document behavior for actions like PASS, DROP, REJECT, BYPASS... added

JF Updated by Juliana Fajardini Reichow over 1 year ago Actions
Copy link
 #8

VJ Updated by Victor Julien 12 months ago Actions
Copy link
 #9

  • Target version changed from 8.0.0-beta1 to 8.0.0-rc1

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #10

  • Target version changed from 8.0.0-rc1 to 8.0.0

VJ Updated by Victor Julien 10 months ago Actions
Copy link
 #11

  • Assignee changed from OISF Dev to Victor Julien

VJ Updated by Victor Julien 9 months ago Actions
Copy link
 #12

  • Target version changed from 8.0.0 to 8.0.1

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #13

  • Target version changed from 8.0.1 to 8.0.2

VJ Updated by Victor Julien 7 months ago Actions
Copy link
 #14

  • Priority changed from Normal to High
  • Target version changed from 8.0.2 to 9.0.0-beta1
  • Label Needs backport to 8.0 added

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
 #15

  • Subtask #7918 added

OT Updated by OISF Ticketbot 7 months ago Actions
Copy link
 #16

  • Label deleted (Needs backport to 8.0)
Actions
Copy link

Also available in: PDF Atom