[Oisf-users] Question about drop.log
Victor Julien
victor at inliniac.net
Fri Sep 16 14:09:31 UTC 2011
On 07/30/2011 12:19 AM, Fernando Ortiz wrote:
> Hello, please help me with something. What exactly is logged in drop.log?
> Referring to documentation:
> *11 Drop.log, a line based information for dropped packets*
> If Suricata works in IPS mode, it can drop packets based on rules. Packets
> that are being dropped are saved in the drop.log file, a Netfilter log
> format.
>
> It says that only packets dropped because of a DROP action in a rule are
> logged. But I have no drop actions in any rules and still get dropped
> packets. So, where exactly is this information taken from? Thanks in advance.
Are you using the stream.inline option? In that case the stream engine
will drop packets it considers bad.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------