[Oisf-users] flowint br0ken ?

Edward Fjellskål edwardfjellskaal at gmail.com
Fri Dec 30 08:20:15 UTC 2011

Previous message (by thread): [Oisf-users] suricata fail to start with pcap mode if interface is not specified in command
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

My flowint rules seems to have stopped working.
(Using 1.1.1)

Example:

alert ip any any -> any any (msg:"TEST SET"; flowint:test,+,1; 
classtype:not-suspicious; sid:100; rev:1;)
alert ip any any -> any any (msg:"TEST FIRE"; flowint:test,>,0; 
classtype:not-suspicious; sid:101; rev:1;)


None of them fire.

Can anyone else confirm this?

E

Previous message (by thread): [Oisf-users] suricata fail to start with pcap mode if interface is not specified in command
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Oisf-users mailing list