This documentation is no longer maintained and exists for historical purposes. The current documentation is located at http://suricata.readthedocs.io/.
Compatibility with Snort (Work in progress)
|content||As of Suricata 2.0.8, the content string cannot be longer than 255 characters, as it can in Snort. Issue: https://redmine.openinfosecfoundation.org/issues/1281 PR: https://github.com/inliniac/suricata/pull/1475||Fixed in 2.0.9|
|urilen||In Snort, a urilen range is inclusive; as of Suricata 2.0.8, it is not.|
|isdataat||isdataat is off-by-one from Snort. Snort starts at offset 0, whereas Suricata starts at offset 1.||All|
|flowbits||Suricata will treat leading and trailing space in the flowbit name as part of the name. Snort does not. Issue: https://redmine.openinfosecfoundation.org/issues/1481 PR: https://github.com/inliniac/suricata/pull/1539||Fixed in 3.0|
|flow:not_established||The "not_established" flow argument is not supported in Suricata.||All|
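
When migrating a Snort ruleset, the rows above can be turned into a pre-import check. The following is an added example, not part of the Suricata documentation or code base: the function names `parse_options` and `audit_rule` are hypothetical, the sample rules are constructed, and the content length is assumed to be measured on the raw quoted string.

```python
import re

# One rule option: unquoted chars, backslash escapes, or a quoted string, up to ';'
OPTION_RE = re.compile(r'((?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+);')

def parse_options(rule):
    """Return [(keyword, raw_value)] from the parenthesised option list of a rule."""
    body = rule[rule.index("(") + 1 : rule.rindex(")")]
    opts = []
    for raw in OPTION_RE.findall(body):
        key, _, value = raw.partition(":")
        opts.append((key.strip().lower(), value))  # value kept raw: spaces matter for flowbits
    return opts

def audit_rule(rule):
    """Return [(keyword, note)] for options the table lists as differing in Suricata."""
    findings = []
    for key, value in parse_options(rule):
        if key == "content":
            m = re.search(r'"((?:[^"\\]|\\.)*)"', value)
            # Assumption: length is measured on the raw quoted string
            if m and len(m.group(1)) > 255:
                findings.append((key, "longer than 255 characters (Suricata 2.0.8; fixed in 2.0.9)"))
        elif key == "urilen" and "<>" in value:
            findings.append((key, "range is inclusive in Snort, not in Suricata 2.0.8"))
        elif key == "isdataat":
            findings.append((key, "offset is off-by-one: Snort starts at 0, Suricata at 1"))
        elif key == "flowbits":
            parts = value.split(",")
            if len(parts) > 1 and parts[1] != parts[1].strip():
                findings.append((key, "space around flowbit name is part of the name (fixed in 3.0)"))
        elif key == "flow":
            if "not_established" in [p.strip() for p in value.split(",")]:
                findings.append((key, "not_established is not supported in Suricata"))
    return findings

# Constructed sample rules (not from any real ruleset)
SAMPLE_RULES = [
    'alert tcp any any -> any 80 (msg:"long; content"; content:"' + "A" * 256 + '"; sid:1000001;)',
    'alert tcp any any -> any 80 (msg:"uri"; urilen:5<>10; isdataat:10,relative; sid:1000002;)',
    'alert tcp any any -> any any (msg:"bits"; flow:not_established; flowbits:set, seen_login; sid:1000003;)',
    'alert tcp any any -> any any (msg:"clean"; flowbits:isset,seen_login; content:"abc"; sid:1000004;)',
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for keyword, note in audit_rule(rule):
            print(f"{keyword}: {note}")
```

Each finding marks a rule to review by hand against the Suricata version in use; the script does not rewrite rules.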