Bug #8499: Exception Policy key not available for netflow logs

Added by Shane Dugan about 11 hours ago.

Status: New
Priority: Normal
Assignee: -
Target version:
Affected Versions:
Effort: low
Difficulty:
Label:

Description

While upgrading to 8.0.3, we noticed that the exception_policy key (and corresponding suricata.yaml option) are available for flow logs, but not for netflow logs. We configured both netflow and flow in the yaml with the same values:

    - flow:
          exception-policy: true

    - netflow:
          exception-policy: true

The flow log shows the exception_policy key, while the netflow logs do not:
    "flow": {
        "pkts_toserver": 1,
        "pkts_toclient": 0,
        "bytes_toserver": 66,
        "bytes_toclient": 0,
        "start": "2023-12-08T09:31:21.766095+0000",
        "end": "2023-12-08T09:31:21.766095+0000",
        "age": 0,
        "state": "new",
        "reason": "shutdown",
        "alerted": false,
        "action": "drop",
        "exception_policy": [{
            "target": "stream_midstream",
            "policy": "drop_flow" 
        }]
    },
...
    "netflow": {
        "pkts": 1,
        "bytes": 66,
        "start": "2023-12-08T09:31:21.766095+0000",
        "end": "2023-12-08T09:31:21.766095+0000",
        "age": 0,
        "min_ttl": 57,
        "max_ttl": 57
    },
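
An added example, not part of the original report or of Suricata's code: a check over EVE JSON lines that counts how many `flow` and `netflow` records carry `exception_policy`, so the discrepancy described above can be confirmed on a local eve.json. The sample lines are constructed from the excerpts in the report, and it is assumed that each record has a top-level `event_type` field naming its sub-object.

```python
import json
from collections import defaultdict

# Constructed EVE lines modelled on the excerpts in the report (not capture data).
SAMPLE_EVE = """\
{"event_type": "flow", "flow": {"pkts_toserver": 1, "state": "new", "action": "drop", "exception_policy": [{"target": "stream_midstream", "policy": "drop_flow"}]}}
{"event_type": "netflow", "netflow": {"pkts": 1, "bytes": 66, "age": 0, "min_ttl": 57, "max_ttl": 57}}
{"event_type": "flow", "flow": {"pkts_toserver": 3, "state": "established", "action": "drop"}}
not json: truncated line
{"event_type": "alert", "alert": {"signature_id": 1}}
"""

def exception_policy_coverage(lines, event_types=("flow", "netflow")):
    """Per event type: records seen, records with exception_policy, and a
    tally of (target, policy) pairs. Returns (stats, skipped_line_count)."""
    stats = {t: {"records": 0, "with_policy": 0, "policies": defaultdict(int)}
             for t in event_types}
    skipped = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # partially written or rotated line
            continue
        if not isinstance(rec, dict):
            skipped += 1
            continue
        etype = rec.get("event_type")
        body = rec.get(etype) if etype in stats else None
        if not isinstance(body, dict):
            continue  # other event types, or record without its sub-object
        stats[etype]["records"] += 1
        entries = body.get("exception_policy")
        if isinstance(entries, list) and entries:
            stats[etype]["with_policy"] += 1
            for entry in entries:
                key = (entry.get("target"), entry.get("policy"))
                stats[etype]["policies"][key] += 1
    return stats, skipped

if __name__ == "__main__":
    result, bad = exception_policy_coverage(SAMPLE_EVE.splitlines())
    for etype, s in result.items():
        print(etype, s["records"], s["with_policy"], dict(s["policies"]))
    print("unparseable lines:", bad)
```

To run it against a live log, pass an open file handle for eve.json instead of `SAMPLE_EVE.splitlines()`.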
