[Oisf-devel] Leading spaces in flowbit names
David Wharton
oisf at davidwharton.us
Mon Aug 3 20:25:05 UTC 2015
Hi Harley,
Please see Bug #1481:
https://redmine.openinfosecfoundation.org/issues/1481
-David Wharton
On 08/03/2015 03:16 PM, Harley H wrote:
> Hello,
> Is it possible to remove leading spaces in flowbit names? I came across a
> scenario like the following:
>
> alert tcp any any <> any any (msg: "bad stuff 1"; content: "bad"; flowbits:
> set,badstuff;)
> alert tcp any any <> any any (msg: "bad stuff 2 "; content: "stuff";
> flowbits: isset, badstuff;)
>
> "bad stuff 2" failed to alert because there was a space in between the
> flowbit name and the comma. I realize it's general practice not to put
> spaces there but am hoping it's an easy enough fix to implement.
>
> Thanks,
> Harley
>
>
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
> Developer Training in Copenhagen Sept 14-18: http://suricata-ids.org/training/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20150803/fef52d71/attachment-0002.html>
More information about the Oisf-devel
mailing list