detect/stats: log out total of suppressed alerts
authorJuliana Fajardini <jufajardini@gmail.com>
Wed, 20 Apr 2022 16:49:31 +0000 (13:49 -0300)
committerVictor Julien <vjulien@oisf.net>
Fri, 3 Jun 2022 09:55:42 +0000 (11:55 +0200)
Related to
Task #4943
Task #5179

(cherry picked from commit 877b32c1e42c6edde3fa5f6ab73293e0a4ad27c3)

src/decode.h
src/detect-engine-alert.c
src/detect-engine.c
src/detect.c
src/detect.h

index 428e7eebff293af0a01c1e770f6b7a51766604d8..2fa61d07bc81e2b739489f66615427f85b6fcdd5 100644 (file)
@@ -294,6 +294,7 @@ extern uint16_t packet_alert_max;
 typedef struct PacketAlerts_ {
     uint16_t cnt;
     uint16_t discarded;
+    uint16_t suppressed;
     PacketAlert *alerts;
     /* single pa used when we're dropping,
      * so we can log it out in the drop log. */
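Review bot: The new `suppressed` member is added without a comment, while it sits next to `cnt` and `discarded`, and the difference between the two latter counters is exactly what this commit introduces (the other file sections move thresholding/noalert hits from `discarded` to `suppressed`). A one-line member comment would save the next reader a trip to PacketAlertFinalize: `uint16_t suppressed; /**< alerts removed by thresholding or SIG_FLAG_NOALERT, never stored in alerts[] */`. The `PacketAlerts_` struct continues past the end of this hunk.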
@@ -813,6 +814,7 @@ void CaptureStatsSetup(ThreadVars *tv, CaptureStats *s);
     (p)->pktlen = 0;                                                           \
     (p)->alerts.cnt = 0;                                                       \
     (p)->alerts.discarded = 0;                                                 \
+    (p)->alerts.suppressed = 0;                                                \
     (p)->alerts.drop.action = 0;                                               \
     (p)->pcap_cnt = 0;                                                         \
     (p)->tunnel_rtv_cnt = 0;                                                   \
index 9b1b56117008f7df6ccea322ee6480ad96e784a7..6636a4a187563deb668bae9d55ccb21d6e1b9ac3 100644 (file)
@@ -369,7 +369,7 @@ void PacketAlertFinalize(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
         /* Thresholding removes this alert */
         if (res == 0 || res == 2 || (s->flags & SIG_FLAG_NOALERT)) {
             /* we will not copy this to the AlertQueue */
-            p->alerts.discarded++;
+            p->alerts.suppressed++;
         } else if (p->alerts.cnt < packet_alert_max) {
             p->alerts.alerts[p->alerts.cnt] = det_ctx->alert_queue[i];
             SCLogDebug("Appending sid %" PRIu32 " alert to Packet::alerts at pos %u", s->id, i);
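Review bot: The comment above the changed line still says "Thresholding removes this alert", but the condition also fires for `s->flags & SIG_FLAG_NOALERT`, so the new `suppressed` count (and the `detect.alerts_suppressed` stat fed from it) mixes threshold suppression with signatures that never alert by design; the comment should say so, e.g. `/* thresholding (res 0 or 2) or a noalert signature: counted as suppressed, not copied to p->alerts */`. The inner comment "we will not copy this to the AlertQueue" is also misleading now, since the alert is already in det_ctx->alert_queue and what is skipped is the copy into `p->alerts`. PacketAlertFinalize starts and ends outside this hunk, so the branch that increments `discarded` on overflow is presumably below and not visible here.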
index 53e8d0c9cdfaa9e71fd52920406ee9c8878c582c..18668d07a9fbae65f5e25118ceb853a98e69d151 100644 (file)
@@ -2912,6 +2912,8 @@ TmEcode DetectEngineThreadCtxInit(ThreadVars *tv, void *initdata, void **data)
     det_ctx->counter_alerts = StatsRegisterCounter("detect.alert", tv);
     det_ctx->counter_alerts_overflow =
         StatsRegisterCounter("detect.alert_queue_overflow", tv);
+    det_ctx->counter_alerts_suppressed =
+        StatsRegisterCounter("detect.alerts_suppressed", tv);
 #ifdef PROFILING
     det_ctx->counter_mpm_list = StatsRegisterAvgCounter("detect.mpm_list", tv);
     det_ctx->counter_nonmpm_list = StatsRegisterAvgCounter("detect.nonmpm_list", tv);
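Review bot: The new stat key `detect.alerts_suppressed` uses a plural prefix while the two counters registered directly above use the singular `detect.alert` and `detect.alert_queue_overflow`; stats keys end up in stats.log/EVE output consumed by external tooling, so the naming becomes a permanent interface once shipped. If the name is not already fixed by the upstream commit this is cherry-picked from, `detect.alert_suppressed` would match its neighbours; otherwise a short comment noting that the key is intentionally kept in sync with upstream would stop future "fixes". DetectEngineThreadCtxInit continues outside this hunk.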
index d487a941ad3c64e7eed7817a7f0816f94ec444b1..b7380d9fcdb3574901619c9fd33879551bf0a333 100644 (file)
@@ -823,6 +823,7 @@ static DetectRunScratchpad DetectRunSetup(
 #ifdef UNITTESTS
     p->alerts.cnt = 0;
     p->alerts.discarded = 0;
+    p->alerts.suppressed = 0;
 #endif
     det_ctx->ticker++;
     det_ctx->filestore_cnt = 0;
@@ -935,6 +936,9 @@ static inline void DetectRunPostRules(
     if (p->alerts.discarded > 0) {
         StatsAddUI64(tv, det_ctx->counter_alerts_overflow, (uint64_t)p->alerts.discarded);
     }
+    if (p->alerts.suppressed > 0) {
+        StatsAddUI64(tv, det_ctx->counter_alerts_suppressed, (uint64_t)p->alerts.suppressed);
+    }
     PACKET_PROFILING_DETECT_END(p, PROF_DETECT_ALERT);
 }
 
index ba4283c06c81662ad421fd7915ae285523f09ac0..520d41446efba09543c7f6d2d4bc848189bd2772 100644 (file)
@@ -1045,8 +1045,10 @@ typedef struct DetectEngineThreadCtx_ {
 
     /** id for alert counter */
     uint16_t counter_alerts;
-    /** id for discarded alerts counter**/
+    /** id for discarded alerts counter */
     uint16_t counter_alerts_overflow;
+    /** id for suppressed alerts counter */
+    uint16_t counter_alerts_suppressed;
 #ifdef PROFILING
     uint16_t counter_mpm_list;
     uint16_t counter_nonmpm_list;
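Review bot: The touched comment on `counter_alerts_overflow` still reads "id for discarded alerts counter", which after this commit no longer distinguishes it from the new `counter_alerts_suppressed` directly below; both counters now count alerts that were not stored, for different reasons. Tying each comment to its stat key and cause makes the split explicit: `/** id for counter of alerts dropped because Packet::alerts was full (detect.alert_queue_overflow) */` and `/** id for counter of alerts removed by thresholding or noalert (detect.alerts_suppressed) */`. The "full" cause is inferred from the `p->alerts.cnt < packet_alert_max` check in the detect-engine-alert.c hunk rather than from this file, so confirm before wording it that way. The `DetectEngineThreadCtx_` struct extends beyond this hunk.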