Fw: snort rules
liaozj at netpower.com.cn
Thu May 27 22:18:54 PDT 2004
> I am trying to test how the signature engine works with snort rules.What I do is loading http-request.bro and snort.bro, adding "redef signature_files += snort-default.sig;" in the latter and visiting the host by "http://……/etc/passwd".But there is still no rule matching.
> I find that in the function of Match in class RuleMatcher, "m->state->Match((const u_char*) data, data_len, bol, eol)" still returns false.Would you please tell what's wrong?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 922 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20040528/4be995a3/attachment.gif
More information about the Bro