List: oisf-users
Subject: Re: [Oisf-users] Include a file in configuration
From: Yasha Zislin <coolyasha () hotmail ! com>
Date: 2014-06-24 21:13:53
Message-ID: COL127-W8BBBE918593DB57BC7E47A21E0 () phx ! gbl
I am not familiar with either one.
Whichever one will be easy to implement and allow for this variable/list to be
updated easily (hopefully not involving a Suricata service restart).
Thanks for the info.
> Date: Tue, 24 Jun 2014 13:35:47 -0600
> Subject: Re: [Oisf-users] Include a file in configuration
> From: lists@unx.ca
> To: coolyasha@hotmail.com
> CC: oisf-users@lists.openinfosecfoundation.org
>
> On Tue, Jun 24, 2014 at 12:17 PM, Yasha Zislin <coolyasha@hotmail.com> wrote:
> > The command line option might work. Is there a limit on how long the variable
> > can be when passed with the command line option?
> >
> > Or maybe there is another solution to my original problem. This variable
> > contains a list of IPs. My goal is to avoid any alerts for these IPs since
> > they get blocked completely by something else but Suricata still sees this
> > traffic. So I've created a variable and set my external net to be !home_net
> > and !myvariable. This way traffic from these IPs is treated as home traffic
> > and no alerts get triggered.
> >
> > If there is another way of doing this exclusion, I welcome
> > suggestions.
>
> bpf filter? Or perhaps some pass rules? The pass rule could match on
> the specific IPs preventing them from alerting.
_______________________________________________
Suricata IDS Users mailing list: oisf-users@openinfosecfoundation.org
Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
OISF: http://www.openinfosecfoundation.org/
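
Added example, not part of the original thread: Python that turns an IP list file into the two exclusions suggested in the quoted reply above, Suricata pass rules and a BPF capture filter. The sample list (documentation address ranges), the SID base 9000001 and all function names are assumptions.

```python
import ipaddress

# Constructed sample list (documentation ranges), standing in for the poster's IP list.
SAMPLE_LIST = """
# already blocked upstream
192.0.2.10
198.51.100.0/24
2001:db8::/32
192.0.2.10
not-an-ip
"""

def parse_networks(text):
    """Return (networks, rejected): validated, de-duplicated networks and bad lines."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(entry)             # never emit unvalidated text into a rule
            continue
        if net not in nets:
            nets.append(net)
    return nets, rejected

def _fmt(net):
    # Single hosts are written without a prefix length.
    return str(net.network_address) if net.num_addresses == 1 else str(net)

def pass_rules(nets, base_sid=9000001):
    """One bidirectional pass rule per address family (hypothetical SID range)."""
    rules = []
    for version in (4, 6):
        group = [_fmt(n) for n in nets if n.version == version]
        if group:
            rules.append(
                "pass ip [%s] any <> any any "
                '(msg:"Upstream-blocked IPv%d hosts"; sid:%d; rev:1;)'
                % (",".join(group), version, base_sid + len(rules)))
    return rules

def bpf_filter(nets):
    """Capture filter that keeps traffic to or from these addresses out of Suricata."""
    terms = ["%s %s" % ("host" if n.num_addresses == 1 else "net", _fmt(n)) for n in nets]
    return "not (%s)" % " or ".join(terms) if terms else ""
```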