Project

General

Profile

Actions
Copy link

Bug #7884

open

exceptions: handle logging for per-packet policies

Added by Juliana Fajardini Reichow 2 months ago. Updated 14 days ago.

Status:
Assigned
Priority:
Normal
Assignee:
Juliana Fajardini Reichow
Target version:
9.0.0-beta1
Affected Versions:
7.0.12, 8.0.1
Effort:
Difficulty:
Label:

Description

When implementing #6215 the implications of flow.memcap and defrag.memcap affecting only packets weren't taken into consideration.
This means that Suricata is able to generate stats for when these are triggered, but can't actually log the triggered policy with a flow, as there isn't one associated when we apply the policies.

Subtasks 1 (1 open0 closed)

Bug #7909: exceptions: handle logging for per-packet policies (7.0.x backport)AssignedJuliana Fajardini ReichowActions
Actions
Copy link
 #1

Updated by Victor Julien 2 months ago

Wonder if we should make this a new subtype of the anomaly type

        - anomaly:
            enabled: yes
            types:
              # decode: no
              # stream: no
              # applayer: yes
              exception-policy: yes
            #packethdr: no

Actions
Copy link
 #2

Updated by Victor Julien about 2 months ago

  • Target version changed from 8.0.2 to 9.0.0-beta1
Actions
Copy link
 #3

Updated by OISF Ticketbot about 2 months ago

  • Subtask #7909 added
Actions
Copy link
 #4

Updated by OISF Ticketbot about 2 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #5

Updated by Juliana Fajardini Reichow 14 days ago

  • Status changed from New to Assigned
Actions
Copy link

Also available in: Atom PDF