[Oisf-devel] "noalert" option for xbits.
amit zala
impmails67 at gmail.com
Wed Aug 24 21:48:24 UTC 2016
Hi All,
I was trying to use xbits for tracking purpose in ippair tracking.
Problem:
There are 2 rules. Rule A and Rule B.
Rule A has certain conditions, and if they are met I set one xbit.
Rule B has certain conditions , if those are met and Rule A has set the
xbit then, I want to trigger the alert.
When I run the attack both the attacks gets logged, but I need only rule B
to get logged.
So, my question is, Do we have "flowbits:noalert" type support for xbits?
How can I stop suricata from logging rules which are just setting xbits?
Thanks
Amit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20160825/649b331c/attachment.html>
More information about the Oisf-devel
mailing list