alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[LINUX-KERNEL] I/O error"; content: "I/O error, dev"; classtype: hardware-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5001945; program: kernel; threshold: type limit, track by_src, count 5, seconds 300; sid: 5001945; rev:1;)
-- Main.Sagan-Wiki-Add - 2015-10-21 New revisions of 5001945 will be below...
alert syslog $EXTERNAL_NET any -> $HOME_NET any (msg:"[LINUX-KERNEL] I/O error"; content: "I/O error, dev"; content:!"dev fd"; classtype: hardware-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5001945; program: kernel; threshold: type limit, track by_src, count 5, seconds 300; sid: 5001945; rev:2;)
-- Main.Sagan-Wiki-Add - 2016-8-30
alert any $EXTERNAL_NET any -> $HOME_NET any (msg:"[LINUX-KERNEL] I/O error"; content: "I/O error, dev"; content:!"dev fd"; classtype: hardware-event; reference: url,wiki.quadrantsec.com/bin/view/Main/5001945; program: kernel; threshold: type suppress, track by_src, count 5, seconds 300; sid: 5001945; rev:3;)
-- Main.Sagan-Wiki-Add - 2021-4-12
Edit | Attach | Topic revision: r1 - 2015-10-21 - Sagan-Wiki-Add
Site map
Main web
Users
Groups
Index
Search
Changes
Notifications
RSS Feed
Statistics
Preferences
Copyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback