[Oisf-users] threshold.config problem ---- help

Victor Julien lists at inliniac.net
Mon Dec 3 13:56:55 UTC 2012


On 12/03/2012 09:40 AM, 郑博文 wrote:
> Hi everybody:
>     I use Suricata in IPS mode. I want some rules to take effect for
> certain IPs or subnets when using Suricata, and I want to set the action
> type and whether to record a log, etc. I would like to know whether
> Suricata version 1.3.4 implements this feature.
> Then, when I studied the Suricata source code for threshold.config, I found
> that 'get type of rule' is matched with 'rate' in the
> SCThresholdConfAddThresholdtype() function, but 'rate_filter' is written
> into threshold.config in the test function
> SCThresholdConfGenerateValidDummyFD08(), which is contrary to the previous. Why?
>     Thank you!

I'm having a hard time figuring out what you're asking, but let me point
you to our thresholding documentation:

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds

Please also note bug 425
https://redmine.openinfosecfoundation.org/issues/425, which is only
partly addressed in 1.4rc1.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



