Task #7797: detect/alert: log event if discarding lower priority rule - Suricata - Open Information Security Foundation

Actions

Copy link

Task #7797

open

detect/alert: log event if discarding lower priority rule

Added by Juliana Fajardini Reichow 2 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

9.0.0-beta1

Effort:

Difficulty:

Label:

Description

In corner case scenarios, if the PacketAlert queue limit is reached, a rule with
a lower internal priority may be discarded from the queue, and thus not generate alerts.

It seems a good idea to generate an event in this case (if possible).
As discussed in https://github.com/OISF/suricata/pull/13515#discussion_r2167522194.

No data to display

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Task #7797

detect/alert: log event if discarding lower priority rule