[Oisf-users] help with dropping packets

Leonard Jacobs ljacobs at netsecuris.com
Fri Jul 5 16:27:51 UTC 2013


Drop.log does not function in af-packet IPS mode.

If a signature is set to drop and it is triggered, it will place "wDrop" where the first set of [**] in fast.log is found. If the signature is not set to drop, then you will just see [**].

-----Original Message-----
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Friday, July 05, 2013 10:49 AM
To: oisf-users at openinfosecfoundation.org; oisf-users-bounces at openinfosecfoundation.org
Subject: [Oisf-users] help with dropping packets

I changed some of my rules to drop.
I am working with ips +af_packet.
I have been told that if a packet will be dropped, fast.log will contain the word "drop"
in the corresponding signature.
I enabled drop.log too, but it is empty.
Is there another method to check my dropped packets?
Thanks
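
Added example (not part of either message and not Suricata project code): a small Python parser that separates fast.log entries carrying the drop marker described in the reply from plain [**] alerts and counts them per signature. The line layout in the regex and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed fast.log layout: timestamp, optional action marker ("wDrop" as in
# the reply above; "Drop" is accepted too), "[**]", "[gid:sid:rev]", message,
# "[**]", then classification / priority / flow details.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+"
    r"(?:\[(?P<action>w?Drop)\]\s*)?"   # marker is absent on plain alerts
    r"(?:\[\*\*\]\s*)?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
)

# Constructed sample lines (not taken from a real sensor).
SAMPLE = """\
07/05/2013-16:20:01.000001  [wDrop] [**] [1:1000001:1] TEST drop rule A [**] [Classification: Misc] [Priority: 1] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
07/05/2013-16:20:02.000002  [**] [1:1000002:1] TEST alert rule B [**] [Classification: Misc] [Priority: 3] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80
07/05/2013-16:20:03.000003  [wDrop] [**] [1:1000001:1] TEST drop rule A [**] [Classification: Misc] [Priority: 1] {TCP} 192.0.2.11:40002 -> 198.51.100.5:80
this line is truncated or corrupt
"""

def summarize(lines):
    """Return (drop_counts, alert_counts, unparsed); counts keyed by (sid, msg)."""
    drops, alerts, unparsed = Counter(), Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed += 1          # keep a tally instead of silently skipping
            continue
        key = (int(m["sid"]), m["msg"])
        (drops if m["action"] else alerts)[key] += 1
    return drops, alerts, unparsed

if __name__ == "__main__":
    drops, alerts, unparsed = summarize(SAMPLE.splitlines())
    for (sid, msg), n in drops.most_common():
        print(f"drop-marked  sid={sid} count={n} {msg}")
    for (sid, msg), n in alerts.most_common():
        print(f"alert-only   sid={sid} count={n} {msg}")
    print(f"unparsed lines: {unparsed}")
```

To run it against a live sensor, pass the opened fast.log file object to summarize() in place of the sample lines.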