[Oisf-users] wDrop vs Drop
Victor Julien
lists at inliniac.net
Wed Dec 13 08:08:07 UTC 2017
On 12-12-17 22:50, Ale Fredes wrote:
> I was analysing fast.log file and I found that if I use Suricata in IDS
> mode with the Reject action the registry shows [wDrop], anyone could
> tell me what mean the "w"?
> If I use Suricata in IPS mode with the Drop action the log shows [Drop].
'would', as in this traffic would have been dropped if you'd run in IPS
mode.
So this means a 'drop' signature was used in IDS mode.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list