snort rules

廖章军 liaozj at
Wed May 26 19:28:48 PDT 2004

    I am trying to test how the signature engine works with snort rules.What I do is loading http-request.bro and snort.bro, adding "redef signature_files += snort-default.sig;" in the latter and visiting the host by "http://……/etc/passwd".But there is still no rule matching.
	I find that in the function of Match in class RuleMatcher, "m->state->Match((const u_char*) data, data_len, bol, eol)" still returns false.Would you please tell what's wrong?




        liaozj at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-1.gif
Type: image/gif
Size: 922 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20040527/00daae06/attachment.gif 

More information about the Bro mailing list