From: Mike Stepanek (mstepane) Date: Tue, 24 Sep 2019 12:09:44 +0000 (-0400) Subject: Merge pull request #1759 in SNORT/snort3 from ~MASHASAN/snort3:doc_rewrite to master X-Git-Tag: 3.0.0-262~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=440c5f24853449cdb8b126ab25b08cae8264b30d;p=thirdparty%2Fsnort3.git Merge pull request #1759 in SNORT/snort3 from ~MASHASAN/snort3:doc_rewrite to master Squashed commit of the following: commit 5cc735dc0f949db2a177f35e6d45533a54122a8d Author: Masud Hasan Date: Mon Sep 23 14:12:29 2019 -0400 doc: Adding Snort2Lua note on ips rule action rewrite --- diff --git a/doc/snort2lua.txt b/doc/snort2lua.txt index 0c763d499..ff22f74c6 100644 --- a/doc/snort2lua.txt +++ b/doc/snort2lua.txt @@ -103,6 +103,12 @@ include::snort2lua_cmds.txt[] rejects in the main file. The two numbers will eventually be combined into one output. +* If the original configuration contains a replace rule with alert action, + Snort2Lua won’t translate the rule from alert to rewrite action. It will + keep the action as alert, which does not actually replace the content in + Snort 3. To replace content, the rule action needs to be rewrite, which + can be added manually or by tooling. + === Usage Snort2Lua is included in the Snort 3 distribution. The Snort2Lua source
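Review bot: The closing clause of the added bullet, "which can be added manually or by tooling", does not tell the reader how to find the affected rules or which tooling is meant. Because the converted rule keeps the alert action and, as the bullet says, no longer replaces content in Snort 3, the note should state whether Snort2Lua reports these rules anywhere (for example in the rejects output described in the bullet just above). If it does not, the note should tell the user to check the converted rules for the replace option and change the action to rewrite. Either name the tool or drop "or by tooling". Separately, "won’t" in the first added sentence uses a typographic apostrophe; plain "will not" is safer in the .txt source.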