stats:
enabled: yes
interval: 8
+ exception-policy:
+ global-stats: true
outputs:
- eve-log:
event_type: stats
stats.ips.drop_reason.applayer_error: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
stats.exception_policy.app_layer.error.drop_flow: 1
stats.exception_policy.app_layer.error.pass_flow: 0
+ not-has-key: stats.app_layer.error.tls.exception_policy.drop_flow
- filter:
min-version: 8
count: 1
enabled: yes
interval: 8
exception-policy:
+ global-stats: true
per-app-proto-errors: true
event_type: flow
flow.action: drop
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
stats.app_layer.error.tls.exception_policy.pass_packet: 1
stats.app_layer.error.tls.exception_policy.drop_packet: 0
+ stats.exception_policy.app_layer.error.pass_packet: 1
- filter:
min-version: 8
count: 1
enabled: yes
interval: 8
exception-policy:
+ global-stats: true
per-app-proto-errors: true
requires:
- min-version: 8
+ min-version: 7.0.12
features:
- DEBUG
pcap: ../bittorrent-dht/input.pcap
stats.exception_policy.app_layer.error.pass_packet: 1
stats.exception_policy.app_layer.error.drop_packet: 0
- filter:
+ min-version: 8
count: 1
match:
event_type: flow
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
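Review bot: The `stats:` block added at L61–63 sets only `exception-policy.global-stats: true` and leaves stats output itself to whatever the default is, while the otherwise similar hunk at L79–80 adds `enabled: true` and nothing else; the blocks at L111–113, L128–130, L306–309 and L382–384 and the other `%YAML 1.1` file starts follow this one. If relying on the default is intentional, a one-line comment above the block, `# stats output is on by default here; only the exception-policy counters need enabling`, would save the next reader from checking, otherwise add `enabled: true` for consistency with L1–2 and L79–80. The `outputs:` mapping that follows continues outside this hunk, so I cannot tell whether the file sets `stats.enabled` elsewhere.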
event_type: flow
not-has-key: flow.exception_policy[0].target
not-has-key: flow.exception_policy[0].policy
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ not-has-key: stats.exception_policy
%YAML 1.1
---
+stats:
+ enabled: true
+
outputs:
- eve-log:
enabled: yes
header: X-Forwarded-For
- flow
- http
+ - stats
- drop:
alerts: yes
flows: all
event_type: flow
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "drop_flow"
+ - filter:
+ min-version: 8
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.midstream.drop_flow: 1
+ # in Suricata 7, the exception policy stats counters can be disabled
+ - filter:
+ min-version: 7.0.12
+ lt-version: 8
+ count: 1
+ match:
+ event_type: stats
+ not-has-key: stats.exception_policy
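Review bot: The comment `# in Suricata 7, the exception policy stats counters can be disabled` does not state the condition this filter actually checks: the filter asserts unconditionally that `stats.exception_policy` is absent for 7.0.12 <= version < 8, which presumably holds only because this test's config (L79–80) enables stats without setting `exception-policy.global-stats`, while the version 8 filter at L95–100 expects the counter to be present with the same config. If that is the intent, say so: `# Suricata 7 emits no stats.exception_policy counters unless global-stats is enabled; this test leaves it unset, so the key must be absent on 7.0.12 <= version < 8`. If the counters can also be present on 7 under this config, the `not-has-key` assertion is stricter than the comment suggests and the comment should be corrected instead.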
- flow
- stats
+stats:
+ exception-policy:
+ global-stats: true
+
action-order:
- pass
- drop
event_type: stats
stats.ips.drop_reason.defrag_memcap: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
filename: stats.log
append: yes
+stats:
+ exception-policy:
+ global-stats: true
+
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "drop_flow"
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
header: X-Forwarded-For
- flow
- http
+ - stats
- drop:
alerts: yes
flows: all
event_type: flow
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "pass_flow"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.midstream.pass_flow: 1
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
header: X-Forwarded-For
- flow
- http
+ - stats
- drop:
alerts: yes
flows: all
event_type: flow
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "ignore"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.drop_flow: 0
+ not-has-key: stats.exception_policy.tcp.midstream
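Review bot: This filter asserts `stats.exception_policy.tcp.reassembly.drop_flow: 0` in addition to the absence of `stats.exception_policy.tcp.midstream`, whereas the near-identical test at L210–215 (same `"stream_midstream"` target and `"ignore"` policy, same config lines at L193–209) asserts only the absence. If the extra key is meant to show that the global counters are still emitted when the midstream policy is `ignore`, a comment on that line, `# global counters are still emitted; only the ignored midstream policy has none`, would record why the two tests differ; if not, the two filters should match, unless the parts of the two tests not shown here differ. The enclosing list continues outside this hunk.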
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
header: X-Forwarded-For
- flow
- http
+ - stats
- drop:
alerts: yes
flows: all
event_type: flow
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "ignore"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ not-has-key: stats.exception_policy.tcp.midstream
+
stats:
enabled: yes
+ exception-policy:
+ global-stats: true
outputs:
- eve-log:
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
event_type: stats
stats.ips.drop_reason.stream_midstream: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
match:
event_type: http
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
event_type: flow
flow.action: drop
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
- alert:
- flow
- http
+ - stats
- drop:
alerts: yes
flows: all
+
+stats:
+ exception-policy:
+ global-stats: true
event_type: flow
flow.exception_policy[0].target: "stream_midstream"
flow.exception_policy[0].policy: "reject"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.midstream.reject: 1
stats:
enabled: yes
+ exception-policy:
+ global-stats: true
outputs:
- eve-log:
event_type: stats
stats.ips.drop_reason.flow_memcap: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
stats:
enabled: yes
+ exception-policy:
+ global-stats: true
outputs:
- eve-log:
event_type: flow
flow.action: drop
- filter:
+ min-version: 7.0.12
count: 1
match:
event_type: stats
stats.ips.drop_reason.stream_reassembly: 1
+ stats.exception_policy.tcp.reassembly.drop_flow: 1
- filter:
min-version: 8
count: 1
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- flow
+ - stats
action-order:
- pass
- drop
flow.exception_policy[0].policy: "pass_flow"
flow.exception_policy[1].target: "app_layer_error"
flow.exception_policy[1].policy: "ignore"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.pass_flow: 1
+ not-has-key: stats.app_layer.error.tls.exception_policy
flows: all # start or all: 'start' logs only a single drop
# per flow direction. All logs each dropped pkt.
- flow
+ - stats
+
+stats:
+ exception-policy:
+ global-stats: true
+
action-order:
- pass
- drop
event_type: flow
flow.exception_policy[0].target: "stream_reassembly_memcap"
flow.exception_policy[0].policy: "bypass"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.bypass: 1
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
event_type: flow
flow.exception_policy[0].target: "stream_reassembly_memcap"
flow.exception_policy[0].policy: "drop_flow"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.drop_flow: 1
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
flow.exception_policy[0].policy: "drop_packet"
flow.exception_policy[1].target: "app_layer_error"
flow.exception_policy[1].policy: "ignore"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.drop_packet: 1
+ not-has-key: stats.exception_policy.app_layer.error
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
event_type: flow
flow.action: drop
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats
flow.exception_policy[0].policy: "pass_packet"
flow.exception_policy[1].target: "app_layer_error"
flow.exception_policy[1].policy: "ignore"
+ - filter:
+ min-version: 7.0.12
+ count: 1
+ match:
+ event_type: stats
+ stats.exception_policy.tcp.reassembly.pass_packet: 1
+ not-has-key: stats.exception_policy.app_layer.error
%YAML 1.1
---
+stats:
+ exception-policy:
+ global-stats: true
+
outputs:
- eve-log:
enabled: yes
event_type: stats
stats.ips.drop_reason.stream_memcap: 1
- filter:
- min-version: 8
+ min-version: 7.0.12
count: 1
match:
event_type: stats