[Oisf-users] Suricata generator_id
Victor Julien
lists at inliniac.net
Sat Jul 25 09:24:13 UTC 2015
On 07/24/2015 06:21 PM, Duane Howard wrote:
> Does Suricata only use gen_id 1 for all alerts? I'm trying to find the
> mapping of what I might expect to see in output other than 1. Quick src
> grep didn't turn up much.
Suri doesn't generate any event by itself, it's all in the rules. A rule
defaults to gen id 1. So unless the rule explicitly specifies a
different gen id, it's all 1.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
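
Added example, not part of the original message or of Suricata's own code: since the generator id comes from the rules, the gids to expect in output can be listed by scanning the loaded ruleset for the `gid` rule keyword, defaulting to 1 as described above. The sample rules and function names are constructed for illustration; options are split with quoting in mind so that text like "gid:9" inside a msg string is not miscounted.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from the thread).
SAMPLE_RULES = r'''
alert http any any -> any any (msg:"test; gid:9 inside msg"; content:"a\;b"; sid:1000001; rev:1;)
alert tcp any any -> any 22 (msg:"explicit gid"; gid:3; sid:1000002; rev:2;)
#alert dns any any -> any any (msg:"disabled rule"; gid:5; sid:1000003; rev:1;)
drop udp any any -> any 53 (msg:"gid 1 stated"; sid:1000004; gid:1; rev:1;)
'''

def split_options(body):
    """Split a rule's option body on ';', honouring quotes and backslash escapes."""
    opts, cur = [], []
    in_quote = escaped = False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ";" and not in_quote:
            opts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return [o for o in opts if o]

def rule_ids(line):
    """Return (gid, sid) for an active rule line, else None (comments, blanks)."""
    m = re.match(r"[^#\s]\S*\s[^(]*\((.*)\)\s*$", line.strip())
    if not m:
        return None
    ids = {"gid": 1}  # no explicit gid keyword means generator id 1
    for opt in split_options(m.group(1)):
        key, _, val = opt.partition(":")
        if key.strip() in ("gid", "sid"):
            ids[key.strip()] = int(val.strip())
    return (ids["gid"], ids["sid"]) if "sid" in ids else None

def gids_in_ruleset(text):
    """Map each generator id to the sids of the active rules that use it."""
    by_gid = defaultdict(list)
    for line in text.splitlines():
        ids = rule_ids(line)
        if ids:
            by_gid[ids[0]].append(ids[1])
    return dict(by_gid)
```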