Project

General

Profile

Actions

Feature #5816

open

Exception policy stats counters

Added by Jamie Lavigne almost 2 years ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:

Description

Exception policies support applying a default action to packets in various exceptional cases, but don't have related stats counters. I am interested in counters for each of the exception policies counting the number of times they are applied. The visibility these counters provide is important for understanding the source of these drops since they can not be reported in things like alert logs.

I think a single counter per exception policy counting the number of times it is invoked would be enough for the visibility we need. Importantly, the counters should be enabled for all values of the exception policy (including "ignore") so that it's possible to know the impact they will have before they are enabled.


Subtasks 2 (1 open1 closed)

Feature #5890: Exception policy stats counters (6.0.x backport)RejectedActions
Feature #6509: Exception policy stats counters (7.0.x backport)In ReviewJeff LucovskyActions

Related issues 6 (4 open2 closed)

Related to Suricata - Feature #6230: stats: add drop reason countersClosedVictor JulienActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Task #6929: eve/stats: hide zero-values for counters individuallyIn ProgressJuliana Fajardini ReichowActions
Related to Suricata - Feature #6215: Exception policy log outputAssignedJuliana Fajardini ReichowActions
Related to Suricata - Optimization #7185: exceptions: use search-friendly log outputNewOISF DevActions
Has duplicate Suricata - Feature #5828: exceptions: add statsRejectedJuliana Fajardini ReichowActions
Actions

Also available in: Atom PDF