[Oisf-users] suppress in threshold + packets dropped
Andreas Herz
andi at geekosphere.org
Mon Nov 28 22:13:21 UTC 2016
On 28/11/16 at 09:05, erik clark wrote:
> I am suppressing 33 signatures with
>
> suppress gen_id 1, sig_id $sid
>
> Since doing this, I see that Suricata is dropping around 12% of the
> packets. This doesn't make any sense. Are suppressed signatures "dropped"?
> Why are my stats crazy like this?
Do you have an example rule?
You might have run into this issue:
https://redmine.openinfosecfoundation.org/issues/1247
--
Andreas Herz