Support #3045: How limiting the number of alerts in the fast.log - Suricata - Open Information Security Foundation

Actions

Copy link

Support #3045

closed

How limiting the number of alerts in the fast.log

Added by Ivan Ivanov over 5 years ago. Updated over 4 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Affected Versions:

Label:

Description

Could you please tell me how it is possible to set up Suricata, that only one alert on one pcap-file got into the fast.log, even if the rule worked on it several times. The goal is to apply this setting to all rules at the same time.

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Support #3045

How limiting the number of alerts in the fast.log

Updated by Andreas Herz over 5 years ago

Updated by Ivan Ivanov over 5 years ago

Updated by Peter Manev over 5 years ago

Updated by Victor Julien over 4 years ago