Support #3045

How to limit the number of alerts in the fast.log

Added by Ivan Ivanov 5 days ago. Updated 3 days ago.

Status: Assigned
Priority: Normal

Description

Could you please tell me how to set up Suricata so that only one alert per pcap file gets into the fast.log, even if the rule triggered on it several times? The goal is to apply this setting to all rules at the same time.

History

#1

Updated by Andreas Herz 3 days ago

  • Status changed from New to Assigned
  • Assignee set to Community Ticket
  • Target version set to Support
