8.37. NFS Keywords
8.37.1. file.name
The file.name keyword can be used at the NFS application level.
Signature Example:
alert nfs any any -> any any (msg:"NFS file.name usage"; classtype:bad-unknown; sid:1; rev:1;)
For additional information on the file.name keyword, see File Keywords.
8.37.2. nfs_procedure
This keyword allows to match the nfs procedure by its type (integer).
nfs_procedure uses unsigned 32-bit integer.
It is also possible to specify the string values for NFSv3 or NFSv4 procedures.
nfs_procedure: getattr will match like nfs_procedure: 1; nfs.version: <4;
or nfs_procedure: 9; nfs.version: >=4;
Unlike the other keywords, the usage of range is inclusive.
Syntax:
nfs_procedure:(mode) <number or string>