doc/xbits: clarify noalert usage

author Shivani Bhardwaj <shivanib134@gmail.com>

Fri, 28 Jan 2022 12:13:10 +0000 (17:43 +0530)

committer Shivani Bhardwaj <shivanib134@gmail.com>

Tue, 8 Mar 2022 15:04:38 +0000 (20:34 +0530)
author Shivani Bhardwaj <shivanib134@gmail.com>
Fri, 28 Jan 2022 12:13:10 +0000 (17:43 +0530)
committer Shivani Bhardwaj <shivanib134@gmail.com>
Tue, 8 Mar 2022 15:04:38 +0000 (20:34 +0530)
diff --git a/doc/userguide/rules/xbits.rst b/doc/userguide/rules/xbits.rst

index ca48874f9ffd6e684b51e084065230be3f9c3f56..9977feb3093701f40c6c9c7629b2f17ee43d595f 100644 (file)
--- a/doc/userguide/rules/xbits.rst
+++ b/doc/userguide/rules/xbits.rst
@@ -8,8 +8,7 @@ Syntax::
      xbits:<set|unset|isset|isnotset|toggle>,<name>,track <ip_src|ip_dst|ip_pair>;
      xbits:<set|unset|isset|toggle>,<name>,track <ip_src|ip_dst|ip_pair> \
          [,expire <seconds>];
-    xbits:<set|unset|isset|toggle>,<name>,track <ip_src|ip_dst|ip_pair> \
-        [,expire <seconds>];
+    xbits:nolert;
  
  Notes
  ~~~~~
@@ -21,7 +20,7 @@ Notes
     ``track ip_dst``, if you want to match on the server response,
     you check it (``isset``) with ``track ip_src``.
  
--  To not alert, use ``noalert;``
+-  To not alert, use ``noalert`` as a standalone option to ``xbits`` just like flowbits.
  
  - the ``toggle`` option will flip the value of the xbits.
author	Shivani Bhardwaj <shivanib134@gmail.com>
	Fri, 28 Jan 2022 12:13:10 +0000 (17:43 +0530)
committer	Shivani Bhardwaj <shivanib134@gmail.com>
	Tue, 8 Mar 2022 15:04:38 +0000 (20:34 +0530)