Snort signature

Antonatos Spiros antonat@ics.forth.gr
Tue, 19 Nov 2002 18:31:08 +0200 (EET)


Thanks for your interest. I didn't see the -s option :) and I was giving
the rules file as a policy script. BTW, does Bro perform string searching
by using an automaton?

Antonatos Spiros


On Tue, 19 Nov 2002, Robin Sommer wrote:

>
> On Tue, Nov 19, 2002 at 16:51 +0100, Robin Sommer wrote:
>
> > Currently, snort2bro needs a full Snort configuration (snort.cfg)
> > incl. variable definitions. Perhaps you've tried to convert only the
> > signatures themselves without the surrounding definitions given in
> > snort.cfg?
>
> In addition (because, as it seems, it's not snort2bro which
> complains but Bro itself): How did you call Bro? You need to specify
> the converted signature file via the -s option as it's not a Bro
> policy script.
>
> Eventually, I will write some documentation of the signature
> engine...
>
> Robin
>
> --
> Robin Sommer * Room        01.08.055 *
> TU Munich    * Phone (089) 289-18006 * sommer@in.tum.de
>