Bug #7884

open

exceptions: handle logging for per-packet policies

Added by Juliana Fajardini Reichow 5 days ago. Updated 5 days ago.

Status: New
Priority: Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label: Needs backport to 7.0

Description

When implementing #6215 the implications of flow.memcap and defrag.memcap affecting only packets weren't taken into consideration.
This means that Suricata is able to generate stats for when these are triggered, but can't actually log the triggered policy with a flow, as there isn't one associated when we apply the policies.

#1

Updated by Victor Julien 5 days ago

Wonder if we should make this a new subtype of the anomaly type

        - anomaly:
            enabled: yes
            types:
              # decode: no
              # stream: no
              # applayer: yes
              exception-policy: yes
            #packethdr: no
