dataset:<cmd>,<name>,<options>;
dataset:<set|isset|isnotset>,<name> \
- [, type <string|md5|sha256>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
+ [, type <string|md5|sha256|ipv4|ip>, save <file name>, load <file name>, state <file name>, memcap <size>, hashsize <size>];
type <type>
- the data type: string, md5, sha256
+ the data type: string, md5, sha256, ipv4, ip
load <file name>
file name for load the data when Suricata starts up
state
Syntax::
datarep:<name>,<operator>,<value>, \
- [, load <file name>, type <string|md5|sha256>, memcap <size>, hashsize <size>];
+ [, load <file name>, type <string|md5|sha256|ipv4|ip>, memcap <size>, hashsize <size>];
Example rules could look like::
set name
Name of an already defined dataset
type
- Data type: string, md5, sha256
+ Data type: string, md5, sha256, ipv4, ip
data
- Data to add in serialized form (base64 for string, hex notation for md5/sha256)
+ Data to add in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
Example adding 'google.com' to set 'myset'::
set name
Name of an already defined dataset
type
- Data type: string, md5, sha256
+ Data type: string, md5, sha256, ipv4, ip
data
- Data to remove in serialized form (base64 for string, hex notation for md5/sha256)
+ Data to remove in serialized form (base64 for string, hex notation for md5/sha256, string representation for ipv4/ipv6)
dataset-clear
~~~~~~~~~~~~~
in the file as hex encoded string
sha256
in the file as hex encoded string
+ipv4
+ in the file as string
+ip
+ in the file as string, it can be IPv6 or IPv4 address (in standard notation or in IPv4 in IPv6 one)
dataset
projects / thirdparty / suricata.git / commitdiff
