intrusion detection: log drops and alerts causing them

2026-03-18 02:25:05 +00:00 · 2018-01-20 12:17:04 +01:00 · 2018-01-20 12:17:04 +01:00 · 573612d48e
commit 573612d48e
parent 5e970ddf87
1 changed files with 4 additions and 1 deletions
--- a/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
+++ b/src/opnsense/service/templates/OPNsense/IDS/suricata.yaml
@ -117,7 +117,10 @@ outputs:
 #        - files:
 #            force-magic: no   # force logging magic on all logged files
 #            force-md5: no     # force logging of md5 checksums
-#        #- drop
+        - drop:
+            alerts: yes      # log alerts that caused drops
+            flows: start     # start or all: 'start' logs only a single drop
+                             # per flow direction. All logs each dropped pkt.
 #        - ssh

  # alert output for use with Barnyard2