[Discussion] Content-based alert message substitution

• Previous message (by thread): [Discussion] Content-based alert message substitution
• Next message (by thread): [Discussion] Content-based alert message substitution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Martin Fong wrote:
>> Wrt the alerting, I like this idea, it's pretty simple to implement too.
> 
> I've implemented a prototype as a patch and have included some notes
> in this e-mail.  The major problem is _where_ to stow derived data.

In my view the pkt/host/flow vars would be a perfect fit here. The pkt
vars only for vars in the matching packet. But for example a flow var
for getting a username that was captured earlier in the flow...

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------

• Previous message (by thread): [Discussion] Content-based alert message substitution
• Next message (by thread): [Discussion] Content-based alert message substitution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]