[Oisf-users] EXTERNAL: Rule Protocol Keyword Documentation

Andreas Herz andi at geekosphere.org
Thu Dec 3 23:24:16 UTC 2015


On 20/11/15 at 09:20, Andreas Moe wrote:
> I saw that one, but I'm not sure that it lists all the protocols that
> Suricata can handle. I see in detect-engine-proto.c that many more
> protocols are mentioned.

Which ones?

But nevertheless, we're working on improving and updating the docs and
this will be one part of it :)

> On Thu, 19 Nov 2015 at 22:55, Rasmor, Zachary R <zachary.r.rasmor at lmco.com> wrote:
> 
> > Hi Andreas,
> >
> > Regarding documentation, check out the ‘protocol’ section in this link. Is
> > this what you were looking for?
> >
> > https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
> >
> > Zach
> >
> > *From:* Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] *On Behalf Of* Andreas Moe
> > *Sent:* Thursday, November 19, 2015 1:34 PM
> > *To:* oisf-users at lists.openinfosecfoundation.org
> > *Subject:* EXTERNAL: [Oisf-users] Rule Protocol Keyword Documentation
> >
> > Hi all!
> >
> > I was looking around for some documentation for the different keywords,
> > with regards to the signature protocol (ex. alert ip.. / drop tcp...).
> >
> > I searched on Google, and on Redmine for the Suricata project, but did not
> > find anything (could probably have "searched harder"..), but a search in
> > Redmine for "pkthdr" gives nothing.
> >
> > 1) Anyone know of where this is documented?
> >
> > 2) If this is not documented
> >
> > 2.1) Anyone know where I can find an overview of the different allowed
> > keywords (in the code)
> >
> > 2.2) Where (what place in the documentation) would be a good place to add
> > this?
> >
> > /Andreas
> >



-- 
Andreas Herz

