You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We’ll use this ability to check its core rules anomaly score in the logging phase of the request. If it is 5 or higher (corresponding to an alarm or the critical level), we set the variable ip.logflag and via expirevar give it an expiration of 600 seconds. This means that this variable remains in the IP collection for ten minutes and then disappears on its own automatically. This mechanism is repeated for the outgoing anomaly score in the subsequent rule.
Where is that in the configuration?
Does expirevar:ip.logflag=600 do both at the same time?
The text was updated successfully, but these errors were encountered:
Where is that in the configuration?
Does
expirevar:ip.logflag=600
do both at the same time?The text was updated successfully, but these errors were encountered: