aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

doc: add by_either to suppress explanation

Browse Source
pull/3472/head
Victor Julien 7 years ago
parent 1f17d8e5d0
commit 97107a18c1
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File

7
doc/userguide/configuration/global-thresholds.rst
Unescape Escape View File

@ -113,7 +113,7 @@ Syntax:
::
suppress gen_id <gid>, sig_id <sid>
suppress gen_id <gid>, sig_id <sid>, track <by_src|by_dst>, ip <ip|subnet>
suppress gen_id <gid>, sig_id <sid>, track <by_src|by_dst|by_either>, ip <ip|subnet|addressvar>
Examples:
@ -129,6 +129,11 @@ Other possibilities/examples::
suppress gen_id 1, sig_id 2003614, track by_src, ip 217.110.97.128/25
suppress gen_id 1, sig_id 2003614, track by_src, ip [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
suppress gen_id 1, sig_id 2003614, track by_src, ip $HOME_NET
suppress gen_id 1, sig_id 2003614, track by_either, ip 217.110.97.128/25
In the last example above, the ``by_either`` tracking means that if either
the ``source ip`` or ``destination ip`` matches ``217.110.97.128/25`` the
rule with sid 2003614 is suppressed.
.. _global-thresholds-vs-rule-thresholds:

Write Preview
Loading…
Cancel
Save