[Oisf-users] EXTERNAL: Rule Protocol Keyword Documentation

Andreas Moe moe.andreas at gmail.com
Fri Nov 20 08:20:51 UTC 2015


I saw that one, but I'm not sure that it lists all the protocols that
Suricata can handle. I see in detect-engine-proto.c that many more
protocols are mentioned.

On Thu, 19 Nov 2015 at 22:55, Rasmor, Zachary R <zachary.r.rasmor at lmco.com> wrote:

> Hi Andreas,
>
>
>
> Regarding documentation, check out the ‘protocol’ section in this link. Is
> this what you were looking for?
>
>
>
>
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricata_Rules
>
>
>
> Zach
>
>
>
> *________________________*
>
> *Zach Rasmor*
>
> Email: zachary.r.rasmor at lmco.com
>
> Office: 301.240.6116
>
>
>
> *From:* Oisf-users [mailto:
> oisf-users-bounces at lists.openinfosecfoundation.org] *On Behalf Of *Andreas
> Moe
> *Sent:* Thursday, November 19, 2015 1:34 PM
> *To:* oisf-users at lists.openinfosecfoundation.org
> *Subject:* EXTERNAL: [Oisf-users] Rule Protocol Keyword Documentation
>
>
>
> Hi all!
>
>
>
> I was looking around for some documentation for the different keywords,
> with regards to the signature protocol (ex. alert ip.. / drop tcp...).
>
>
>
> I searched on Google, and on Redmine for the Suricata project, but did not
> find anything (could probably have "searched harder"..), but a search in
> Redmine for "pkthdr" gives nothing.
>
>
>
> 1) Anyone know of where this is documented?
>
> 2) If this is not documented
>
> 2.1) Anyone know where I can find an overview of the different allowed
> keywords (in the code)
>
> 2.2) Where (what place in the documentation) would be a good place to add
> this?
>
>
>
> /Andreas
>