2019 Mar 22
2
Kudos and feature question
Kudos all that maintain this awesome and enduring piece of software. Awesome job, many thanks.
I've come across a use case that would greatly benefit from a --delete-older-than <secs> argument. This would behave the same as --delete, only sparing files in dest that have a creation time less than <secs> ago. How hard would this be to implement? Where would I start?
TIA,
Francois
2019 Mar 24
0
Kudos and feature question
...p files,
name_is_excluded() and its subfunctions check_filter() and rule_matches() in exclude.c
You'd need to:
define a new filter-type character ('R' for preserve-Recent?)
define the format of the filter rule for this type e.g. how to represent the time
add code to parse this new ruletype in rule_matches()
decide how your new option interacts with existing filter rules (higher or lower precedence, degree of specificity, etc)
add code to insert one or more rules of the new type into the filter list in appropriate positions
Also:
bump the protocol revision number, because an old...
2003 Aug 28
0
[louisk@bend.com: snort, postgres, bridge]
...: 128)
#
# output alert_unified: filename snort.alert, limit 128
# output log_unified: filename snort.log, limit 128
# You can optionally define new rule types and associate one or
# more output plugins specifically to that type.
#
# This example will create a type that will log to just tcpdump.
# ruletype suspicious
# {
# type log
# output log_tcpdump: suspicious.log
# }
#
# EXAMPLE RULE FOR SUSPICIOUS RULETYPE:
# suspicious $HOME_NET any -> $HOME_NET 6667 (msg:"Internal IRC Server";)
#
# This example will create a rule type that will log to syslog
# and a mysql database.
# ruletype...