当计数为170时,应触发以下snort警报。
alert tcp any any -> any any (msg:"Web Server High Sessions Usage"; flags:S+; threshold:type threshold, track by_src, count 125, seconds 10; classtype:attempted-dos; sid:77;)
我希望在警报消息中显示计数170。例如,Web Server High Sessions Usage, XXXX 170 XXXX。有办法吗?