[Bro] Using snort signatures in Bro

Robin Sommer sommer at in.tum.de
Sun Nov 7 23:42:05 PST 2004

On Sun, Nov 07, 2004 at 21:23 -0500, Bryan wrote:

> Can anyone help? I am using bro 0.8. I need to call the .sig file and
> read my tcpdump capture file at the same time.

Try something like this (assuming snort.sig being in your current

    bro -r trace -s ./snort.sig site snort signatures

(Don't forget to adapt site.bro to your local environment).

Robin Sommer * Room        01.08.055 * www.net.in.tum.de
TU Muenchen  * Phone (089) 289-18006 *  sommer at in.tum.de 

More information about the Bro mailing list