[Oisf-users] suppress in threshold + packets dropped
Victor Julien
lists at inliniac.net
Mon Nov 28 14:15:50 UTC 2016
On 28-11-16 15:05, erik clark wrote:
> I am supressing 33 signatures with
>
> suppress gen_id 1, sig_id $sid
>
> Since doing this, I see that Suricata is dropping around 12% of the
> packets. This doesnt make any sense. Are suppressed signatures
> "dropped"? Why are my stats crazy like this?
Have you tried disabling the suppressions for a bit? Might be a coincidence.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list