Snort mailing list archives

Previous By Date Next
Previous By Thread Next

[sonrt-user]About rule options

From: Mayur Patil <ram.nath241089 () gmail com>
Date: Tue, 24 Sep 2013 16:41:06 +0530
Hi,

    I want to ask which is the alternate option to use in  shared object
rule

    instead of

***     *threshold*

**     detection_filter
*
*
*     track_by*

**     event_filter*

as these options become obsolete when parsing the text rules

and I want to use  *counts,seconds*    which are parts of above options.

is there any alternative or replacement??

Seeking for guidance,

Thanks !!

-- 
*Cheers,
Mayur*.

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: