Merge pull request #1759 in SNORT/snort3 from ~MASHASAN/snort3:doc_rewrite to master

Squashed commit of the following:

commit 5cc735dc0f949db2a177f35e6d45533a54122a8d
Author: Masud Hasan <mashasan@cisco.com>
Date:   Mon Sep 23 14:12:29 2019 -0400

    doc: Adding Snort2Lua note on ips rule action rewrite

diff --git a/doc/snort2lua.txt b/doc/snort2lua.txt
index 0c763d499d4cf27ee3563d14218f6182afb6c3b5..ff22f74c6ba88e5465aa58da4f5df4b3d6a25dd0 100644 (file)
--- a/doc/snort2lua.txt
+++ b/doc/snort2lua.txt
@@ -103,6 +103,12 @@ include::snort2lua_cmds.txt[]
    rejects in the main file.  The two numbers will eventually be combined
    into one output.
 
+*  If the original configuration contains a replace rule with alert action,
+   Snort2Lua won’t translate the rule from alert to rewrite action. It will
+   keep the action as alert, which does not actually replace the content in
+   Snort 3. To replace content, the rule action needs to be rewrite, which
+   can be added manually or by tooling.
+
 === Usage
 
 Snort2Lua is included in the Snort 3 distribution. The Snort2Lua source