[Oisf-users] Advanced Features Examples?

0100 suroot at gmail.com
Fri Jul 2 18:10:35 UTC 2010



On Wed, Jun 30, 2010 at 11:20 AM, 0100 <suroot at gmail.com> wrote:
> Hi All,
> Finally getting some time to play with Suricata. So far so good. I
> have it building and running no problem, and have started trying to
> get PF_RING working. Multicore performance is very impressive.
> So now I want to start getting familiar with the more advanced
> features but I'm having trouble figuring out how to write rules that
> exercise these new features.
> Here's some of the things that I think are actually implemented but I
> can't figure out how to use them:
> - Generally any new rule features above and beyond snort
>  - I see mention of keywords in the release notes like http_headers
> etc. How do you use these? Is there a place in the code I can look to
> easily figure this out? Docs?
>  - Port independent matching (how do I find out what the currently
> supported protocols are for this?)
> - What does rule profiling do and how does it work?
> - IP Reputation - not clear on exactly what this even does much less
> how to use it. Has this been implemented?
> - Global variables: Do you just use flowbits for this and the engine
> takes care of it? What are some examples of ways this could be used?
> Thanks!
> 0100

More information about the Oisf-users mailing list