This documentation is no longer maintained and exists for historical purposes. The current documentation is located at http://suricata.readthedocs.io/.
Compatibility with Snort (Work in progress)
Keyword | Notes | Versions Affected |
---|---|---|
content | As of Suricata 2.0.8, a content string cannot be longer than 255 characters, whereas in Snort it can. Issue: https://redmine.openinfosecfoundation.org/issues/1281; PR: https://github.com/inliniac/suricata/pull/1475 | Fixed in 2.0.9 |
urilen | In Snort, a urilen range is inclusive; as of Suricata 2.0.8, it is not. See https://redmine.openinfosecfoundation.org/issues/1416 and https://github.com/inliniac/suricata/pull/1469 | All |
isdataat | isdataat is off by one from Snort. Snort starts at offset 0, whereas Suricata starts at offset 1. | All |
flowbits | Suricata treats leading and trailing space in the flowbit name as part of the name. Snort does not. Issue: https://redmine.openinfosecfoundation.org/issues/1481; PR: https://github.com/inliniac/suricata/pull/1539 | Fixed in 3.0 |
flow:not_established | The "not_established" flow argument is not supported in Suricata. | All |
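
As an added example (not part of the original documentation or of the Suricata project), the following Python lint flags rule options that fall under the differences in the table when a Snort rule is loaded by a given Suricata version. The function names, the `target` version tuple and the sample rules are constructed for illustration, and measuring the content length on the raw quoted string is an assumption.

```python
import re

# First Suricata version with the fix, per the table; None means "All".
FIXED_IN = {"content": (2, 0, 9), "urilen": None, "isdataat": None,
            "flowbits": (3, 0, 0), "flow": None}

def split_options(rule):
    """Split the option block on ';', honouring quotes and backslash escapes."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, cur, quoted, escaped = [], "", False, False
    for ch in body:
        if ch == ";" and not quoted and not escaped:
            key, _, val = cur.partition(":")
            opts.append((key.strip(), val))  # val kept raw: flowbits whitespace matters
            cur = ""
            continue
        if ch == '"' and not escaped:
            quoted = not quoted
        escaped = ch == "\\" and not escaped
        cur += ch
    return opts

def lint(rule, target=(2, 0, 8)):
    """Return the table keywords whose Snort difference affects `rule` on `target`."""
    hits = []
    for key, val in split_options(rule):
        if key == "content":
            m = re.search(r'"(.*)"', val, re.S)
            hit = bool(m) and len(m.group(1)) > 255  # assumption: raw quoted length
        elif key == "urilen":
            hit = "<>" in val                        # only the range form differs
        elif key == "isdataat":
            hit = True                               # offsets differ by one
        elif key == "flowbits":
            name = val.partition(",")[2]             # text after the action
            hit = name != name.strip()
        elif key == "flow":
            hit = "not_established" in [a.strip() for a in val.split(",")]
        else:
            continue
        if hit and (FIXED_IN[key] is None or target < FIXED_IN[key]):
            hits.append(key)
    return hits

# Constructed sample rules, not taken from any real ruleset.
SAMPLES = [
    'alert tcp any any -> any 80 (msg:"long"; content:"' + "A" * 300 + '"; sid:1;)',
    'alert tcp any any -> any 80 (msg:"uri; len"; urilen:5<>10; flowbits:set, seen; sid:2;)',
    'alert tcp any any -> any any (flow:to_server,not_established; isdataat:10,relative; sid:3;)',
]
for rule in SAMPLES:
    print(rule[-8:], lint(rule))
```

Passing a newer `target`, such as `(3, 0, 0)`, suppresses the findings the table marks as fixed and leaves only the rows listed as affecting all versions.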