[Oisf-users] EXTERNAL: Rule Protocol Keyword Documentation

Rasmor, Zachary R zachary.r.rasmor at lmco.com
Thu Nov 19 21:54:59 UTC 2015

Hi Andreas,


Regarding documentation, check out the ‘protocol’ section in this link. Is this what you were looking for?







Zach Rasmor

Email:  <mailto:zachary.r.rasmor at lmco.com> zachary.r.rasmor at lmco.com

Office: 301.240.6116


From: Oisf-users [mailto:oisf-users-bounces at lists.openinfosecfoundation.org] On Behalf Of Andreas Moe
Sent: Thursday, November 19, 2015 1:34 PM
To: oisf-users at lists.openinfosecfoundation.org
Subject: EXTERNAL: [Oisf-users] Rule Protocol Keyword Documentation


Hi all!


I was looking around for some documentation for the different keywords, with regards to the signature protocol (ex. alert ip.. / drop tcp...).


I searched on google, and om redmine for the suricata project, but dit not find anything (could probably have "searched harder"..), but a search in redmine for "pkthdr" gives nothing.


1) Anyone know of where this is documented?

2) If this is not documented

2.1) Anyone know were i can find a overview of the different allowed keywords (in the code)

2.2) Were (what place in the documentation) would be a good place to add this?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151119/c52064f3/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 11767 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20151119/c52064f3/attachment-0002.bin>

More information about the Oisf-users mailing list