Documentation #5465: doc/userguide: document terminating behavior of rule actions - Suricata - Open Information Security Foundation

Actions

Copy link

Documentation #5465

open

doc/userguide: document terminating behavior of rule actions

Added by Victor Julien over 2 years ago. Updated 4 months ago.

Status:

Assigned

Priority:

Normal

Assignee:

OISF Dev

Target version:

8.0.0-beta1

Affected Versions:

Effort:

Difficulty:

Label:

Description

Various actions have different "terminating behaviors" in different scenarios.

e.g.:
alert will not terminate, but is limited to a max number of alerts per packet in the output
pass will immediately stop logging more alerts for the same packet and future alerts in the flow
drop will currently log all alerts for a packet, then drop the rest of the flow

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Documentation #5465

doc/userguide: document terminating behavior of rule actions

Updated by Victor Julien over 2 years ago

Updated by Victor Julien about 2 years ago

Updated by Victor Julien about 2 years ago

Updated by Juliana Fajardini Reichow almost 2 years ago

Updated by Victor Julien over 1 year ago

Updated by Victor Julien 4 months ago