[Oisf-devel] Leading spaces in flowbit names
Jason Ish
lists at unx.ca
Tue Aug 4 00:46:52 UTC 2015
Yes, this has been fixed in master. A pull request for the 2.0.x
branch exists here:
https://github.com/inliniac/suricata/pull/1542
-- Jason
On Mon, Aug 3, 2015 at 2:25 PM, David Wharton <oisf at davidwharton.us> wrote:
> Hi Harley,
>
> Please see Bug #1481:
>
> https://redmine.openinfosecfoundation.org/issues/1481
>
> -David Wharton
>
>
>
> On 08/03/2015 03:16 PM, Harley H wrote:
>
> Hello,
> Is it possible to remove leading spaces in flowbit names? I came across a
> scenario like the following:
>
> alert tcp any any <> any any (msg: "bad stuff 1"; content: "bad"; flowbits:
> set,badstuff;)
> alert tcp any any <> any any (msg: "bad stuff 2 "; content: "stuff";
> flowbits: isset, badstuff;)
>
> "bad stuff 2" failed to alert because there was a space in between the
> flowbit name and the comma. I realize it's general practice not to put
> spaces there but am hoping it's an easy enough fix to implement.
>
> Thanks,
> Harley
>
>
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Developer Training in Copenhagen Sept 14-18:
> http://suricata-ids.org/training/
>
>
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate:
> http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Developer Training in Copenhagen Sept 14-18:
> http://suricata-ids.org/training/
More information about the Oisf-devel
mailing list