[Discussion] How to create this Suricata rule?

• Previous message (by thread): [Discussion] Suricata Performance Tuning (kernel_drops very high)
• Next message (by thread): [Discussion] Suricata output file
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi everyone,

 I am a new Suricata user, I haves some experiences of using Snort.
Recently, I find a new attack in our IPv6 network; I am thinking to create
a new Suricata rule for detecting this attack. But there is one requirement
for creating this rule. We have to record some information from the
previous packets that include the IP addresses, payload information and
port numbers. And then we have to compare a new packet’s payload with those
previous records. Does Suricate allow me to this? If possible, how should I
do it?

Thank you for your kind cooperation.


Kind regards,

Steven
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20150118/14088f80/attachment.html>

• Previous message (by thread): [Discussion] Suricata Performance Tuning (kernel_drops very high)
• Next message (by thread): [Discussion] Suricata output file
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]