[Oisf-users] threshold.config problem ---- help
Victor Julien
lists at inliniac.net
Mon Dec 3 13:56:55 UTC 2012
On 12/03/2012 09:40 AM, 郑博文 wrote:
> Hi everybody:
> I use suricata by IPS mode, I want some rules take effect for
> certain IP or subnet when use suricata, and I want set action type and
> whether to record log, etc. I would like to know suricata 1.3.4 version
> whether implements this feature?
> Then when I learn suricata source codes about threshold.config, I found
> it 'get type of rule' matched with 'rate' in
> SCThresholdConfAddThresholdtype() function, but write 'rate_filter' into
> threshold.config in test function
> SCThresholdConfGenerateValidDummyFD08(), which contrary to the previous.Why?
> Thank you!
I'm having a hard time figuring out what you're asking, but let me point
you to our thresholding documentation:
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds
Please also note bug 425
https://redmine.openinfosecfoundation.org/issues/425, which is only
partly addressed in 1.4rc1.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list