feature, put more info in the "drop.log"
I am trying Suricata as IPS and I lack some information in the "drop.log" file.
I think that the file should contain, at least, the SID of the activated rule.
Updated by Victor Julien about 9 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to TBD
As the log is in netfilter's log format, additions would have to stay compatible. Maybe we can mimic netfilter's 'log prefix' field to add sid info. Also, it's not always a sid that causes a drop; the stream engine can drop things as well when in 'inline' mode.
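To illustrate the compatibility constraint discussed above, here is an added example (not code from the Suricata project or from either poster): a tolerant parser for netfilter-style drop lines that accepts an optional free-text prefix before `IN=`. The `sid:<n>` and `stream` prefix layouts, the function name and the sample lines are assumptions constructed for illustration; they are not an actual Suricata output format.

```python
import re

# Timestamp, optional free-text prefix (as with netfilter's log prefix),
# then the usual body starting at "IN=".
LINE_RE = re.compile(r"^(?P<ts>\S+): (?P<prefix>.*?)\s*(?P<body>IN=.*)$")
# Hypothetical prefix convention: "sid:<number>".
SID_RE = re.compile(r"\bsid:(\d+)\b")

# Constructed sample lines (documentation addresses, made-up SID).
PLAIN = ("06/01/2011-10:15:02.123456: IN= OUT= SRC=192.0.2.10 DST=198.51.100.7 "
         "LEN=60 TOS=0x00 TTL=64 ID=4321 PROTO=TCP SPT=40112 DPT=80 SYN")
WITH_SID = PLAIN.replace(": IN=", ": sid:1000001 IN=", 1)
STREAM = PLAIN.replace(": IN=", ": stream IN=", 1)


def parse_drop_line(line):
    """Parse one drop line; the prefix (and any sid in it) is optional."""
    m = LINE_RE.match(line.strip())
    if m is None:
        raise ValueError("not a netfilter-style drop line")
    fields, flags = {}, []
    for tok in m.group("body").split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value          # e.g. SRC, DST, PROTO, DPT
        else:
            flags.append(tok)            # bare TCP flags such as SYN
    prefix = m.group("prefix")
    sid = SID_RE.search(prefix)
    return {
        "timestamp": m.group("ts"),
        "prefix": prefix,
        # None when the drop did not come from a rule (e.g. stream engine).
        "sid": int(sid.group(1)) if sid else None,
        "fields": fields,
        "flags": flags,
    }


if __name__ == "__main__":
    for sample in (PLAIN, WITH_SID, STREAM):
        rec = parse_drop_line(sample)
        print(rec["sid"], rec["prefix"] or "-", rec["fields"]["SRC"])
```

A consumer written this way reads the same key=value fields whether or not a prefix is present, and treats a missing sid as a valid case rather than a parse error.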