[Oisf-users] threshold.config problem ---- help

Victor Julien lists at inliniac.net
Mon Dec 3 13:56:55 UTC 2012

On 12/03/2012 09:40 AM, 郑博文 wrote:
> Hi everybody:
>     I use suricata by IPS mode, I want some rules take effect for
> certain IP or subnet when use suricata, and I want set action type and
> whether to record log, etc. I would like to know suricata 1.3.4 version
> whether implements this feature?
> Then when I learn suricata source codes about threshold.config, I found
> it 'get type of rule' matched with 'rate' in
> SCThresholdConfAddThresholdtype() function, but write 'rate_filter' into
> threshold.config in test function
> SCThresholdConfGenerateValidDummyFD08(), which contrary to the previous.Why?
>     Thank you!

I'm having a hard time figuring out what you're asking, but let me point
you to our thresholding documentation:



Please also note bug 425
https://redmine.openinfosecfoundation.org/issues/425, which is only
partly addressed in 1.4rc1.


Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc

More information about the Oisf-users mailing list