Project

General

Profile

Actions
Copy link

Feature #8479

open
VJ

eve/firewall: dedicated log record type

Feature #8479: eve/firewall: dedicated log record type

Added by Victor Julien about 2 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Currently the firewall mode rules are not logging by default, but can use the alert keyword to generate an alert when they match. This produces the rich alert record type.

It may be worth considering a more dedicated type, that includes the drop record type info as well as detailed info about states, etc.

Related issues 3 (2 open1 closed)

Related to Suricata - Feature #8456: firewall: source field in alert/drop events to distinguish firewall from IDS/IPSClosedJason IshActions
Related to Suricata - Feature #8480: firewall: allow specifying multiple actionsResolvedVictor JulienActions
Related to Suricata - Feature #8566: firewall: support generating alerts on default policyResolvedVictor JulienActions

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
 #1

  • Related to Feature #8456: firewall: source field in alert/drop events to distinguish firewall from IDS/IPS added

VJ Updated by Victor Julien about 2 months ago Actions
Copy link
 #2

  • Related to Feature #8480: firewall: allow specifying multiple actions added

VJ Updated by Victor Julien 14 days ago Actions
Copy link
 #3

  • Related to Feature #8566: firewall: support generating alerts on default policy added
Actions
Copy link

Also available in: PDF Atom