Bug #8499: Exception Policy key not available for netflow logs - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #8499

open

Exception Policy key not available for netflow logs

Bug #8499: Exception Policy key not available for netflow logs

Added by Shane Dugan about 11 hours ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

TBD

Affected Versions:

8.0.3

Effort:

low

Difficulty:

Label:

Description

While upgrading to 8.0.3, we noticed that the exception_policy key (and corresponding suricata.yaml option) are available for flow logs, but not for netflow logs. We configured both netflow and flow in the yaml with the same values:

- flow:
      exception-policy: true

- netflow:
      exception-policy: true

The flow log shows the exception_policy key, while the netflow logs do not:

    "flow": {
        "pkts_toserver": 1,
        "pkts_toclient": 0,
        "bytes_toserver": 66,
        "bytes_toclient": 0,
        "start": "2023-12-08T09:31:21.766095+0000",
        "end": "2023-12-08T09:31:21.766095+0000",
        "age": 0,
        "state": "new",
        "reason": "shutdown",
        "alerted": false,
        "action": "drop",
        "exception_policy": [{
            "target": "stream_midstream",
            "policy": "drop_flow" 
        }]
    },
...
    "netflow": {
        "pkts": 1,
        "bytes": 66,
        "start": "2023-12-08T09:31:21.766095+0000",
        "end": "2023-12-08T09:31:21.766095+0000",
        "age": 0,
        "min_ttl": 57,
        "max_ttl": 57
    },

No data to display

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata

Custom queries

Bug #8499

Exception Policy key not available for netflow logs