Re: Using detection_filter instead of threshold

["Eric L. Howard" <ericlhoward () gmail com>]

On Wed, Oct 27, 2010 at 12:47 PM, L0rd Ch0de1m0rt
<l0rdch0de1m0rt () gmail com> wrote:
> Thanks.  Is there any way to do it in the rule itself like back in the
> salad days?

Nope.

DEPRECATED ITEMS
================

* detection_filter replaces the existing in-rule threshold, which is now
  obsolete.  Furthermore, the existing threshold when used within a rule was
  not part of the detection process; it was equivalent to a standalone
  threshold.  To retain the functionality of existing in-rule thresholds,
  reformat them as standalone event_filters (see below).

* event_filter replaces the existing standalone threshold, which is now
  deprecated.  Furthermore, even though event_filter is an alias for threshold,
  which is allowed to appear in a rule (although that use is now also
  deprecated), event_filter will not be allowed in a rule.  Such use will
  result in a fatal error during initialization.

~elh

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs