Re: [sonrt-user]About rule options

[Joel Esler <jesler () sourcefire com>]

On Sep 24, 2013, at 7:11 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:

> Hi,
>
>     I want to ask which is the alternate option to use in  shared object rule 
>
>     instead of 
>
> *     threshold
>     
> *     detection_filter
>  
> *     track_by
>    
> *     event_filter
>
> as these options become obsolete when parsing the text rules
>
> and I want to use  counts,seconds    which are parts of above options.
>
> is there any alternative or replacement??
>
> Seeking for guidance,

Dear Mayur,

Thanks for your email.  I believe you will find what you are looking for here: 
http://manual.snort.org/node19.html#SECTION00342000000000000000

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!