From: Victor Julien Date: Thu, 12 Sep 2019 15:31:39 +0000 (+0200) Subject: doc/dotprefix: fix example rules X-Git-Tag: suricata-5.0.0-rc1~57 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6aa2d550a12d0eee5313f31960407821089fe077;p=thirdparty%2Fsuricata.git doc/dotprefix: fix example rules --- diff --git a/doc/userguide/rules/transforms.rst b/doc/userguide/rules/transforms.rst index 204aaef60e..593e52853c 100644 --- a/doc/userguide/rules/transforms.rst +++ b/doc/userguide/rules/transforms.rst @@ -30,7 +30,7 @@ adding the dot allows ``google.com`` to match against ``content:".google.com"`` Example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".microsoft.com"; sid:1;) This example will match on ``windows.update.microsoft.com`` and @@ -38,7 +38,7 @@ This example will match on ``windows.update.microsoft.com`` and This rule can be used to match on the domain only; example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".microsoft.com"; endswith; sid:1;) This example will match on ``windows.update.microsoft.com`` but not @@ -46,7 +46,7 @@ This example will match on ``windows.update.microsoft.com`` but not Finally, this rule can be used to match on the TLD only; example:: - alert http any any -> any any (dns.query; dotprefix; \ + alert dns any any -> any any (dns.query; dotprefix; \ content:".co.uk"; endswith; sid:1;) This example will match on ``maps.google.co.uk`` but not
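Review bot: the commit message gives no reason for the change. The subject "doc/dotprefix: fix example rules" is all there is, and in the first hunk (@@ -30,7 +30,7 @@) the only edit is the rule protocol going from http to dns. A one-line body saying that the examples use the dns.query keyword and so need dns as the protocol in the rule header would make the reason visible in the log.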
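Review bot: in the second hunk (@@ -38,7 +38,7 @@) the rule still ends in sid:1, the same sid as the examples in the first and third hunks. Anyone pasting more than one of these examples into a single rules file gets a duplicate signature id. Since these lines are being touched anyway, consider giving the three examples distinct sids (for instance sid:1, sid:2, sid:3).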
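Review bot: in the third hunk (@@ -46,7 +46,7 @@) the context line says "this rule can be used to match on the TLD only", but the example uses content:".co.uk", which is a second-level suffix under the uk TLD rather than a TLD. Either reword the sentence to say "domain suffix" or switch the example to an actual TLD, so that the text and the rule agree.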