doc: add by_either to suppress explanation

author Victor Julien <victor@inliniac.net>

Thu, 29 Mar 2018 13:31:47 +0000 (15:31 +0200)

committer Victor Julien <victor@inliniac.net>

Mon, 16 Jul 2018 10:47:52 +0000 (12:47 +0200)
author Victor Julien <victor@inliniac.net>
Thu, 29 Mar 2018 13:31:47 +0000 (15:31 +0200)
committer Victor Julien <victor@inliniac.net>
Mon, 16 Jul 2018 10:47:52 +0000 (12:47 +0200)
diff --git a/doc/userguide/configuration/global-thresholds.rst b/doc/userguide/configuration/global-thresholds.rst

index adb5cb8b47fec7317a15d07ae22e850d70bbd896..2ec4cbfb03ab03262223f3c0b89cbb1da906c2b5 100644 (file)
--- a/doc/userguide/configuration/global-thresholds.rst
+++ b/doc/userguide/configuration/global-thresholds.rst
@@ -113,7 +113,7 @@ Syntax:
  ::
  
    suppress gen_id <gid>, sig_id <sid>
-  suppress gen_id <gid>, sig_id <sid>, track <by_src|by_dst>, ip <ip|subnet>
+  suppress gen_id <gid>, sig_id <sid>, track <by_src|by_dst|by_either>, ip <ip|subnet|addressvar>
  
  Examples:
  
@@ -129,6 +129,11 @@ Other possibilities/examples::
    suppress gen_id 1, sig_id 2003614, track by_src, ip 217.110.97.128/25
    suppress gen_id 1, sig_id 2003614, track by_src, ip [192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]
    suppress gen_id 1, sig_id 2003614, track by_src, ip $HOME_NET
+  suppress gen_id 1, sig_id 2003614, track by_either, ip 217.110.97.128/25
+
+In the last example above, the ``by_either`` tracking means that if either
+the ``source ip`` or ``destination ip`` matches ``217.110.97.128/25`` the
+rule with sid 2003614 is suppressed.
  
  .. _global-thresholds-vs-rule-thresholds:
author	Victor Julien <victor@inliniac.net>
	Thu, 29 Mar 2018 13:31:47 +0000 (15:31 +0200)
committer	Victor Julien <victor@inliniac.net>
	Mon, 16 Jul 2018 10:47:52 +0000 (12:47 +0200)