[Oisf-users] Include a file in configuration
Yasha Zislin
coolyasha at hotmail.com
Tue Jun 24 21:13:53 UTC 2014
I am not familiar with either one.
Whichever one will be easy to implement and allow for this variable/list to be updated easily (hopefully not involving a Suricata service restart).
Thanks for the info.
> Date: Tue, 24 Jun 2014 13:35:47 -0600
> Subject: Re: [Oisf-users] Include a file in configuration
> From: lists at unx.ca
> To: coolyasha at hotmail.com
> CC: oisf-users at lists.openinfosecfoundation.org
>
> On Tue, Jun 24, 2014 at 12:17 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> > The command line option might work. Is there a limit on how long the variable
> > can be when passed with the command line option?
> >
> > Or maybe there is another solution to my original problem. This variable
> > contains a list of IPs. My goal is to avoid any alerts for these IPs since
> > they get blocked completely by something else but Suricata still sees this
> > traffic. So I've created a variable and set my external net to be !home_net
> > and !myvariable. This way traffic from these IPs is treated as home traffic
> > and no alerts get triggered.
> >
> > If there is another way of doing this exclusion, I am open to
> > suggestions.
>
> BPF filter? Or perhaps some pass rules? The pass rule could match on
> the specific IPs, preventing them from alerting.
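
The two suggestions in the quoted reply (a BPF filter or pass rules), as an added example that is not part of the original thread: this script turns a text list of already-blocked IPv4 addresses into one Suricata pass rule and an equivalent BPF exclusion. The function names, the sid, the msg text and the sample addresses are constructed for illustration; IPv4 only is assumed.

```python
import ipaddress

# Constructed sample list (documentation ranges); in practice this is the
# file of addresses that something upstream already blocks.
SAMPLE_LIST = """\
# blocked upstream
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25   # adjacent to the line above
203.0.113.7/32
"""

def parse_ip_list(text):
    """Return a sorted, collapsed list of IPv4 networks from a text list."""
    nets, bad = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            nets.append(ipaddress.IPv4Network(entry, strict=False))
        except ValueError:
            bad.append(f"line {lineno}: {entry!r}")
    if bad:
        # Refuse to emit anything from a partly invalid list.
        raise ValueError("invalid entries: " + "; ".join(bad))
    return list(ipaddress.collapse_addresses(nets))

def _fmt(net):
    return str(net.network_address) if net.prefixlen == 32 else str(net)

def pass_rule(nets, sid=1000001):
    """One bidirectional pass rule covering every listed address."""
    if not nets:
        raise ValueError("empty list: refusing to write a rule")
    group = ",".join(_fmt(n) for n in nets)
    return (f"pass ip [{group}] any <> any any "
            f'(msg:"LOCAL pass upstream-blocked hosts"; sid:{sid}; rev:1;)')

def bpf_filter(nets):
    """BPF expression that keeps the listed addresses out of the capture."""
    if not nets:
        raise ValueError("empty list: refusing to write a filter")
    terms = " or ".join(
        ("host " if n.prefixlen == 32 else "net ") + _fmt(n) for n in nets)
    return f"not ({terms})"

if __name__ == "__main__":
    nets = parse_ip_list(SAMPLE_LIST)
    print(pass_rule(nets))
    print(bpf_filter(nets))
```

The pass rule lives in an ordinary rule file, so it can be regenerated when the list changes and picked up by Suricata's live rule reload (SIGUSR2); the BPF filter drops the traffic before inspection, so those hosts also vanish from flow and protocol logs.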