Hello, there’s setting named drop within eve-log->type as follows. I am wondering what it means and what’s the effect please? Thanks in advance.
In IPS mode Suricata can drop packets, that would be logged in that case. Alerts with the keyword drop
instead of alert
are responsible for this.