Feature #893
closed
feature, put more info in the "drop.log"
Added by JP Pozzi over 11 years ago.
Updated over 9 years ago.
Description
Hello,
I am trying Suricata as IPS and I lack some information in the "drop.log" file.
I think that the file should contain, at least, the SID of the activated rule.
Regards
JP P
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to TBD
As the log is in netfilter's log format, additions would have to stay compatible. Maybe we can mimic netfilter's 'log prefix' field to add sid info. Also, it's not always a sid that causes a drop, the stream engine can drop things as well when in 'inline' mode.
Hello,
The idea to mimic --log-prefix seems nice as it is in the "standard".
Regards
Also, it's not always a sid that causes a drop, the stream engine can drop things as well when in 'inline' mode.
Let's put at least the name of the engine here. How can I find what the cause of a drop is?
- Status changed from Assigned to Closed
- Assignee changed from Eric Leblond to Victor Julien
- Target version changed from TBD to 3.0RC1
- % Done changed from 0 to 100
Sid is now optionally added to the eve drop log.
- Target version changed from 3.0RC1 to 2.1beta4
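As an added example, not part of this issue or of Suricata's own code: a small Python reader that pulls the sid out of eve drop events and separates rule-attributed drops from drops that carry no alert record (the case raised above, where an engine rather than a signature dropped the packet). It assumes an eve drop event is one JSON object per line with `"event_type":"drop"` and an optional `"alert"` object holding `"signature_id"`; the sample lines are constructed.

```python
import json

# Constructed sample eve.json lines (not from the issue): one drop with the
# rule's alert record attached, one drop without any alert record, one
# unrelated event, and one corrupt line.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2015-01-01T00:00:00.000000+0000","event_type":"drop",'
    '"src_ip":"10.0.0.5","src_port":40000,"dest_ip":"10.0.0.9","dest_port":80,'
    '"proto":"TCP","drop":{"len":60,"tos":0,"ttl":64,"ipid":1},'
    '"alert":{"action":"blocked","gid":1,"signature_id":1000001,"rev":1,'
    '"signature":"LOCAL test drop","category":"","severity":3}}',
    '{"timestamp":"2015-01-01T00:00:01.000000+0000","event_type":"drop",'
    '"src_ip":"10.0.0.6","src_port":40001,"dest_ip":"10.0.0.9","dest_port":80,'
    '"proto":"TCP","drop":{"len":60,"tos":0,"ttl":64,"ipid":2}}',
    '{"timestamp":"2015-01-01T00:00:02.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.7","dest_ip":"10.0.0.9","proto":"TCP"}',
    'not json at all',
]


def iter_drops(lines):
    """Yield one summary dict per drop event; skip other events and bad lines."""
    for line in lines:
        try:
            ev = json.loads(line)
        except ValueError:
            continue  # truncated or corrupt line: skip rather than abort
        if ev.get("event_type") != "drop":
            continue
        sid = (ev.get("alert") or {}).get("signature_id")
        yield {
            "timestamp": ev.get("timestamp"),
            "flow": f'{ev.get("proto")} {ev.get("src_ip")}:{ev.get("src_port")}'
                    f' -> {ev.get("dest_ip")}:{ev.get("dest_port")}',
            "sid": sid,
            # No alert record: the drop is not attributed to a rule, so it
            # came from an engine decision (e.g. stream engine, inline mode).
            "cause": "rule" if sid is not None else "engine",
        }


def count_by_cause(lines):
    """Return {"rule": n, "engine": m} for the drop events in lines."""
    counts = {"rule": 0, "engine": 0}
    for d in iter_drops(lines):
        counts[d["cause"]] += 1
    return counts


if __name__ == "__main__":
    for d in iter_drops(SAMPLE_EVE_LINES):
        print(d["timestamp"], d["flow"], d["cause"], d["sid"])
    print(count_by_cause(SAMPLE_EVE_LINES))
```

Point it at a real eve.json with `iter_drops(open(path))` to list which drops a rule can be blamed for and which need the engine's logs instead.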