Feature #8499
open
Exception Policy key to be made available for netflow logs
Effort:
low
Difficulty:
Label:
Description
While upgrading to 8.0.3, we noticed that the exception_policy key (and corresponding suricata.yaml option) are available for flow logs, but not for netflow logs. We configured both netflow and flow in the yaml with the same values:
    - flow:
        exception-policy: true
    - netflow:
        exception-policy: true

The flow log shows the exception_policy key, while the netflow logs do not:
    "flow": {
      "pkts_toserver": 1,
      "pkts_toclient": 0,
      "bytes_toserver": 66,
      "bytes_toclient": 0,
      "start": "2023-12-08T09:31:21.766095+0000",
      "end": "2023-12-08T09:31:21.766095+0000",
      "age": 0,
      "state": "new",
      "reason": "shutdown",
      "alerted": false,
      "action": "drop",
      "exception_policy": [{
        "target": "stream_midstream",
        "policy": "drop_flow"
      }]
    },
    ...
    "netflow": {
      "pkts": 1,
      "bytes": 66,
      "start": "2023-12-08T09:31:21.766095+0000",
      "end": "2023-12-08T09:31:21.766095+0000",
      "age": 0,
      "min_ttl": 57,
      "max_ttl": 57
    },
Updated by Philippe Antoine 6 days ago
- Tracker changed from Bug to Feature
- Subject changed from Exception Policy key not available for netflow logs to Exception Policy key to be made available for netflow logs
- Status changed from New to In Review
- Affected Versions deleted (8.0.3)
Updated by Philippe Antoine 6 days ago
- Assignee set to Shane Dugan
Updated by Philippe Antoine 6 days ago
- Assignee deleted (Shane Dugan)
Updated by Samaresh Kumar singh 4 days ago
- Assignee set to Samaresh Kumar singh