[Oisf-users] threshold.config problem ---- help

Daniel Wyschogrod dwyschogrod at bbn.com
Mon Dec 3 13:59:28 UTC 2012


My apologies. The post was actually intended for the Bro group - I hadn't intended to cross-post.

Dan
____________________
Dan Wyschogrod

Senior Scientist
Cyber Security
Raytheon/BBN Technologies

dwyschogrod at bbn.com




On Dec 3, 2012, at 8:56 AM, Victor Julien <lists at inliniac.net> wrote:

> On 12/03/2012 09:40 AM, 郑博文 wrote:
>> Hi everybody:
>>    I use Suricata in IPS mode. I want some rules to take effect for
>> certain IPs or subnets when using Suricata, and I want to set the action type and
>> whether to record a log, etc. I would like to know whether Suricata version 1.3.4
>> implements this feature?
>> Then, when I studied the Suricata source code for threshold.config, I found
>> that it 'get type of rule' matched with 'rate' in the
>> SCThresholdConfAddThresholdtype() function, but writes 'rate_filter' into
>> threshold.config in the test function
>> SCThresholdConfGenerateValidDummyFD08(), which is contrary to the previous. Why?
>>    Thank you!
> 
> I'm having a hard time figuring out what you're asking, but let me point
> you to our thresholding documentation:
> 
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule-Thresholding
> 
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Global-Thresholds
> 
> Please also note bug 425
> https://redmine.openinfosecfoundation.org/issues/425, which is only
> partly addressed in 1.4rc1.
> 
> Cheers,
> Victor
> 
> -- 
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
