Project

General

Profile

Actions
Copy link

Bug #7884

open

exceptions: handle logging for per-packet policies

Added by Juliana Fajardini Reichow about 1 month ago. Updated 20 days ago.

Status:
New
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
9.0.0-beta1
Affected Versions:
7.0.12, 8.0.1
Effort:
Difficulty:
Label:

Description

When implementing #6215 the implications of flow.memcap and defrag.memcap affecting only packets weren't taken into consideration.
This means that Suricata is able to generate stats for when these are triggered, but can't actually log the triggered policy with a flow, as there isn't one associated when we apply the policies.

Subtasks 1 (1 open0 closed)

Bug #7909: exceptions: handle logging for per-packet policies (7.0.x backport)AssignedJuliana Fajardini ReichowActions
Actions
Copy link
 #1

Updated by Victor Julien about 1 month ago

Wonder if we should make this a new subtype of the anomaly type

        - anomaly:
            enabled: yes
            types:
              # decode: no
              # stream: no
              # applayer: yes
              exception-policy: yes
            #packethdr: no

Actions
Copy link
 #2

Updated by Victor Julien 20 days ago

  • Target version changed from 8.0.2 to 9.0.0-beta1
Actions
Copy link
 #3

Updated by OISF Ticketbot 20 days ago

  • Subtask #7909 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 20 days ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link

Also available in: Atom PDF