Task #3301

open

Research: Failover support within the current IPS implementation

Added by Andreas Herz almost 5 years ago. Updated almost 5 years ago.

Status: New
Priority: Normal
Target version:
Effort:
Difficulty:
Label:

Description

Failover support would make sure that if there are multiple Suricata instances and one of those disappears, the other Suricata IPS instances would 'do the right thing'. What doing the right thing is is an open question. Some of the ideas:

  • sync flow table so that flow tracking would stay active
  • sync 'drop settings' per flow/host/etc
  • sync thresholding
  • datasets?

I think one of the first things that needs to be done is analyze how Suricata currently works in an IPS failover case.


Related issues: 2 (2 open, 0 closed)

  • Related to Suricata - Task #3288: Suricon 2019 brainstorm (Status: Assigned; Assignee: Victor Julien)
  • Related to Suricata - Feature #3316: Unix socket: support dumping flow table (Status: Feedback; Assignee: Community Ticket)