[Oisf-devel] suricata af-packet IPS mode can't record drop.log

李志强1(研七 福州) lizhiqiang at ruijie.com.cn
Fri Sep 19 08:36:08 UTC 2014


Hi,
  When I run suricata in af-packet IPS mode, I found it can't record "drop.log" or the drop log within eve.log.

  I found the source code doesn't support this. When it records the drop log, the engine must be running in ENGINE_MODE_IPS, but only NFQ and IPFW mode set this value.

  Here is the code:

static int JsonDropLogCondition(ThreadVars *tv, const Packet *p) {
    if (!EngineModeIsIPS()) {
        SCLogDebug("engine is not running in inline mode, so returning");
        return FALSE;
    }
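The gate described in the mail, modelled as an added stand-alone C illustration (not Suricata's code and not the poster's): the engine mode is only set to IPS for the NFQ and IPFW run modes, so an af-packet inline setup never reaches the drop record. The runmode names, the `afpacket_copy_mode` flag and the `patched` branch are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the engine-mode gate. Names mirror Suricata's
 * but this is a self-contained illustration, not Suricata source. */
enum EngineMode { ENGINE_MODE_IDS, ENGINE_MODE_IPS };
static enum EngineMode g_engine_mode = ENGINE_MODE_IDS;

static bool EngineModeIsIPS(void) { return g_engine_mode == ENGINE_MODE_IPS; }
static void EngineModeSetIPS(void) { g_engine_mode = ENGINE_MODE_IPS; }

/* Mirrors the quoted JsonDropLogCondition: no IPS mode, no drop record,
 * even if the packet really was dropped. */
static bool DropLogCondition(bool packet_dropped) {
    if (!EngineModeIsIPS())
        return false;
    return packet_dropped;
}

/* Hypothetical runmode initialisation. 'afpacket_copy_mode' models an
 * af-packet interface configured inline; 'patched' models a hypothetical
 * change that also marks inline af-packet as IPS. */
static void RunModeInit(const char *runmode, bool afpacket_copy_mode, bool patched) {
    g_engine_mode = ENGINE_MODE_IDS;
    if (strcmp(runmode, "nfq") == 0 || strcmp(runmode, "ipfw") == 0) {
        EngineModeSetIPS();          /* the only modes that set IPS, per the mail */
    } else if (strcmp(runmode, "af-packet") == 0 && afpacket_copy_mode && patched) {
        EngineModeSetIPS();          /* assumed fix: inline af-packet counts as IPS */
    }
}

/* Returns whether a dropped packet would produce a drop log entry. */
bool DropIsLogged(const char *runmode, bool afpacket_copy_mode, bool patched) {
    RunModeInit(runmode, afpacket_copy_mode, patched);
    return DropLogCondition(true);
}

int main(void) {
    printf("nfq:                 %d\n", DropIsLogged("nfq", false, false));
    printf("af-packet inline:    %d\n", DropIsLogged("af-packet", true, false));
    printf("af-packet inline+fix:%d\n", DropIsLogged("af-packet", true, true));
    return 0;
}
```

The second line shows the gap the mail reports: packets are dropped inline, yet nothing is written to drop.log, so the drop log cannot be relied on as evidence of enforcement in that setup.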



