From 167d947b7c536c74487533d68c22821ee76bfb36 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Wed, 26 Feb 2025 16:38:36 -0300 Subject: [PATCH] userguide/exceptions: clarify when stats are logged The stats for exception policies are only logged/ present when any of the exception policies are enabled (which means any value other than "auto" or "ignore" in IDS mode, or "ignore" in IPS mode). This wasn't clearly stated in the docs. --- doc/userguide/configuration/exception-policies.rst | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/userguide/configuration/exception-policies.rst b/doc/userguide/configuration/exception-policies.rst index 3b1a0619aa60..f9056633fa40 100644 --- a/doc/userguide/configuration/exception-policies.rst +++ b/doc/userguide/configuration/exception-policies.rst @@ -59,6 +59,10 @@ It is possible to disable this default, by setting the exception policies' **In IDS mode**, setting ``auto`` mode actually means disabling the ``master-switch``, or ignoring the exception policies. +.. note:: + + If no exception policy is enabled, Suricata will not log exception policy stats. + .. _eps_settings: Specific settings @@ -259,7 +263,8 @@ to Suricata applying the behavior that had been configured for such scenario: Available Stats ~~~~~~~~~~~~~~~ -There are stats counters for each supported exception policy scenario: +There are stats counters for each supported exception policy scenario that will +be logged when exception policies are enabled: .. list-table:: **Exception Policy Stats Counters** :widths: 50 50 @@ -288,7 +293,7 @@ Stats for application layer errors are available in summarized form or per application layer protocol. As the latter is extremely verbose, by default Suricata logs only the summary. If any further investigation is needed, it is recommended to enable per-app-proto exception policy error counters -temporarily (for :ref:`stats configuration`). +temporarily (for more, read :ref:`stats configuration`). Command-line Options for Simulating Exceptions