<div dir="ltr">Rajesh,<div><br></div><div>Do you mean that the sensor is overloaded and you are dropping packets, or are you running in IPS mode and seeing that traffic is being dropped? By default all ET open rules are set to alert, not drop. Suricata will run in IDS mode by default, so traffic should not be dropped. </div><div><br></div><div>Thanks,</div><div><br></div><div>Jason</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 6, 2017 at 1:08 PM, rajesh kanna <span dir="ltr"><<a href="mailto:rajeshkanna.msec@gmail.com" target="_blank">rajeshkanna.msec@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello folks,<br>
<br>
First of all, thanks to the suricata dev team for this very useful application.<br>
<br>
After upgrading to latest Emerging Threats rules package from<br>
<a href="http://rules.emergingthreats.net/open/suricata/" rel="noreferrer" target="_blank">http://rules.emergingthreats.<wbr>net/open/suricata/</a>,<br>
I could see the HTTP traffic's are getting dropped sometimes.<br>
<br>
So I just want to know like which rules are wrongly updated leads<br>
these traffic drops,.<br>
<br>
Had tried to debug the reason with self help diagrams in OISF wiki but<br>
could not get.<br>
<br>
Any input in this on how to debug further would be highly helpful.<br>
<br>
Thanks in advance,<br>
<br>
Regards,<br>
Rajesh Kanna<br>
______________________________<wbr>_________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@<wbr>openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" rel="noreferrer" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" rel="noreferrer" target="_blank">http://suricata-ids.org/<wbr>support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" rel="noreferrer" target="_blank">https://lists.<wbr>openinfosecfoundation.org/<wbr>mailman/listinfo/oisf-users</a><br>
<br>
Conference: <a href="https://suricon.net" rel="noreferrer" target="_blank">https://suricon.net</a><br>
Trainings: <a href="https://suricata-ids.org/training/" rel="noreferrer" target="_blank">https://suricata-ids.org/<wbr>training/</a></blockquote></div><br></div>