doc: snort compatibility

pull/2302/head
Jason Ish 10 years ago committed by Victor Julien
parent 4f9f9c09ec
commit 5e0c39be57

@ -16,6 +16,8 @@ import sys
import os import os
import shlex import shlex
on_rtd = os.environ.get('READTHEDOCS', None) == 'True'
# If extensions (or modules to document with autodoc) are in another directory, # If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the # add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here. # documentation root, use os.path.abspath to make it absolute, like shown here.
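
Review bot: in the added `on_rtd = os.environ.get('READTHEDOCS', None) == 'True'` line, the explicit `None` default is redundant, because `os.environ.get` already returns `None` for a missing key. A one-line comment saying that the flag marks a Read the Docs build would also help, since nothing in this hunk shows why it is needed.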
@ -108,8 +110,12 @@ todo_include_todos = False
# The theme to use for HTML and HTML Help pages. See the documentation for # The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes. # a list of builtin themes.
#html_theme = 'alabaster' if not on_rtd:
html_theme = 'sphinx_rtd_theme' #html_theme = 'alabaster'
html_theme = 'sphinx_rtd_theme'
#html_theme = 'classic'
#html_theme = 'default'
#html_theme = 'nature'
# Theme options are theme-specific and customize the look and feel of a theme # Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the # further. For a list of options available for each theme, see the
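
Review bot: `html_theme` is now assigned only under `if not on_rtd:`, so when `READTHEDOCS` is set this file selects no theme at all. If that is intentional, say so in a comment next to the condition. The commented-out `'alabaster'`, `'classic'`, `'default'` and `'nature'` alternatives are noise inside the conditional and could be dropped, and a local build now requires `sphinx_rtd_theme` to be installed with no fallback visible here.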

@ -7,4 +7,5 @@ Suricata User Guide
what-is-suricata what-is-suricata
command-line-options command-line-options
snort-compatibility
rules/index.rst rules/index.rst

@ -11,7 +11,7 @@ your console:
sudo nano local.rules sudo nano local.rules
Write your rule, see :doc:`rules` and save it. Write your rule, see :doc:`intro` and save it.
Open yaml Open yaml
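
Review bot: the change from :doc:`rules` to :doc:`intro` is unrelated to the commit subject "doc: snort compatibility" and is not mentioned in it. Split it into its own commit or note it in the message, and confirm that `intro` resolves relative to this file, since the sentence sends the reader there to learn how to write a rule.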

@ -0,0 +1,66 @@
Snort Compatibility
===================
.. contents::
Keyword: content
----------------
*Versions affected: All versions prior to 3.0.*
Prior to Suricata 3.0, the argument provided to the content keyword
cannot be longer than 255 characters like it can in Snort.
Suricata 3.0 and newer can accept content arguments longer than 255
characters.
See:
* https://redmine.openinfosecfoundation.org/issues/1281
* https://github.com/inliniac/suricata/pull/1475
Keyword: urilen
---------------
*Versions affected: all*
In Snort the urilen range is inclusive, in Suricata it is not.
Example::
urilen:5<>10
In Snort the above will match URIs that are greater than and equal to
5 and less than and equal to 10. *Note that this is not what is
documented in the Snort manual.*
In Suricata the above will match URIs that are greater than 5 and less
than 10, so it will only mathch URIs that are 6, 7, 8, and 9 bytes
long.
See:
* https://redmine.openinfosecfoundation.org/issues/1416
Keyword: isdataat
-----------------
*Versions affected: all*
``isdataat`` is off by one from Snort. In Snort the offset starts at 0
where Suricata starts at 1.
Keyword: flowbits
-----------------
*Versions affected: all prior to 2.0.9*
Versions of Suricata prior to 2.0.9 treated leading and trailing
whitespace in flowbit names as part of the flowbit name where Snort
does not.
This was fixed in Suricata 2.0.9.
See:
* https://redmine.openinfosecfoundation.org/issues/1481
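
Review bot: the isdataat section states that the offset is off by one ("In Snort the offset starts at 0 where Suricata starts at 1") but, unlike the urilen section, gives no example rule and no "See:" reference, so someone porting a rule cannot tell from the text which way to adjust the value. Add a short example showing the same check written for each engine. Also in the urilen section, "mathch" should be "match", and "greater than and equal to" / "less than and equal to" should read "greater than or equal to" / "less than or equal to".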