[Oisf-users] threshold.config problem ---- help
Daniel Wyschogrod
dwyschogrod at bbn.com
Mon Dec 3 13:59:28 UTC 2012
My apologies. The post was actually intended for the Bro group - I hadn't intended to cross-post.
Dan
____________________
Dan Wyschogrod
Senior Scientist
Cyber Security
Raytheon/BBN Technologies
dwyschogrod at bbn.com
On Dec 3, 2012, at 8:56 AM, Victor Julien <lists at inliniac.net> wrote:
> On 12/03/2012 09:40 AM, 郑博文 wrote:
>> Hi everybody:
>> I use Suricata in IPS mode. I want some rules to take effect for
>> certain IPs or subnets when using Suricata, and I want to set the action type and
>> whether to record a log, etc. I would like to know whether Suricata version 1.3.4
>> implements this feature.
>> Then, when I studied the Suricata source code for threshold.config, I found
>> it 'get type of rule' matched with 'rate' in the
>> SCThresholdConfAddThresholdtype() function, but 'rate_filter' is written into
>> threshold.config in the test function
>> SCThresholdConfGenerateValidDummyFD08(), which is contrary to the previous. Why?
>> Thank you!
>
> I'm having a hard time figuring out what you're asking, but let me point
> you to our thresholding documentation:
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds
>
> Please also note bug 425
> https://redmine.openinfosecfoundation.org/issues/425, which is only
> partly addressed in 1.4rc1.
>
> Cheers,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------