[Oisf-users] suppress in threshold + packets dropped

Andreas Herz andi at geekosphere.org
Mon Nov 28 22:13:21 UTC 2016

On 28/11/16 at 09:05, erik clark wrote:
> I am supressing 33 signatures with
> suppress gen_id 1, sig_id $sid
> Since doing this, I see that Suricata is dropping around 12% of the
> packets. This doesnt make any sense. Are suppressed signatures "dropped"?
> Why are my stats crazy like this?

Do you have an example rule?
You might have run into this issue:


Andreas Herz

More information about the Oisf-users mailing list