With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.
Bug #7026
Instead, both the SDP parser and logger depend on being invoked by another parser (or logger).
- ARP decoder and logger have been introduced.
Since ARP can be quite verbose and produce many events, the logger is disabled by default.
+- It is possible to see an increase of alerts, for the same rule-sets, if you
+ use many stream/payload rules, due to Suricata triggering TCP stream
+ reassembly earlier.
Upgrading 6.0 to 7.0
--------------------
projects / thirdparty / suricata.git / commitdiff
