[Bro] Using snort signatures in Bro
sommer at in.tum.de
Sun Nov 7 23:42:05 PST 2004
On Sun, Nov 07, 2004 at 21:23 -0500, Bryan wrote:
> Can anyone help? I am using bro 0.8. I need to call the .sig file and
> read my tcpdump capture file at the same time.
Try something like this (assuming snort.sig being in your current
bro -r trace -s ./snort.sig site snort signatures
(Don't forget to adapt site.bro to your local environment).
Robin Sommer * Room 01.08.055 * www.net.in.tum.de
TU Muenchen * Phone (089) 289-18006 * sommer at in.tum.de
More information about the Bro