Actions
Feature #8499
open
SD
SS
Exception Policy key to be made available for netflow logs
Feature #8499:
Exception Policy key to be made available for netflow logs
Effort:
low
Difficulty:
Label:
Description
While upgrading to 8.0.3, we noticed that the exception_policy key (and corresponding suricata.yaml option) are available for flow logs, but not for netflow logs. We configured both netflow and flow in the yaml with the same values:
- flow: exception-policy: true - netflow: exception-policy: true
The flow log shows the
exception_policy key, while the netflow logs do not:
"flow": {
"pkts_toserver": 1,
"pkts_toclient": 0,
"bytes_toserver": 66,
"bytes_toclient": 0,
"start": "2023-12-08T09:31:21.766095+0000",
"end": "2023-12-08T09:31:21.766095+0000",
"age": 0,
"state": "new",
"reason": "shutdown",
"alerted": false,
"action": "drop",
"exception_policy": [{
"target": "stream_midstream",
"policy": "drop_flow"
}]
},
...
"netflow": {
"pkts": 1,
"bytes": 66,
"start": "2023-12-08T09:31:21.766095+0000",
"end": "2023-12-08T09:31:21.766095+0000",
"age": 0,
"min_ttl": 57,
"max_ttl": 57
},
Actions