[Oisf-users] Regarding query on suricata

Jason Williams jwilliams at emergingthreats.net
Tue Nov 14 14:00:31 UTC 2017


Do you mean that the sensor is overloaded and you are dropping packets, or
are you running in IPS mode and seeing that traffic is being dropped? By
default all ET open rules are set to alert, not drop. Suricata will run in
IDS mode by default, so traffic should not be dropped.



On Mon, Nov 6, 2017 at 1:08 PM, rajesh kanna <rajeshkanna.msec at gmail.com>

> Hello folks,
> First of all, thanks to the suricata dev team for this very useful
> application.
> After upgrading to latest Emerging Threats rules package from
> http://rules.emergingthreats.net/open/suricata/,
> I could see the HTTP traffic's are getting dropped sometimes.
> So I just want to know like which rules are wrongly updated leads
> these traffic drops,.
> Had tried to debug the reason with self help diagrams in OISF wiki but
> could not get.
> Any input in this on how to debug further would be highly helpful.
> Thanks in advance,
> Regards,
> Rajesh Kanna
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20171114/569a68c3/attachment-0002.html>

More information about the Oisf-users mailing list