Feature #4573: add IPS drop total to eve log output - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #4573

closed

add IPS drop total to eve log output

Added by Corey Thomas about 3 years ago. Updated about 1 year ago.

Status:

Rejected

Priority:

Normal

Assignee:

Jeff Lucovsky

Target version:

TBD

Effort:

Difficulty:

Label:

Description

It would be useful to have the stats metric for total IPS drops in eve output. Probably similar to the alert count as part of suricata engine output. The field name should be clear that it's ips or alert drops.

e.g.

{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"Alerts: 56893"}}
{"timestamp":"2021-08-03T13:15:28.965147+0000","log_level":"Info","event_type":"engine","engine":{"message":"IPS_Drops: 100"}}

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #4573

add IPS drop total to eve log output

Updated by Victor Julien about 3 years ago

Updated by Jeff Lucovsky over 2 years ago

Updated by Jeff Lucovsky about 1 year ago

Updated by Jeff Lucovsky about 1 year ago

Updated by Victor Julien about 1 year ago

Updated by Jeff Lucovsky about 1 year ago

Updated by Corey Thomas about 1 year ago

Updated by Jeff Lucovsky about 1 year ago