[Bro] multiple logs for a signature
Jai Prakash D R
jprakash at tataelxsi.co.in
Wed Nov 29 02:44:36 PST 2006
I am working on bro-0.9 on a Fedora machine. I want to generate logs using
signatures for the entire communication during a session.
Due to the following check in RuleMatcher.cc

    // Skip if rule already fired for this connection.
    if ( state->matched_rules.is_member(r->Index()) )

I was getting only one log per signature; though it matches a second time, it's
not giving me a log.
I tried uncommenting the above two lines; though I am getting logs whenever
it matches, I am also getting the logs
for other signatures which were logged earlier.
Say, for example, I have Signature-1 and Signature-2.
The first time, Signature-1 is matched and I get a log for Signature-1.
The second time, when a packet is matched for Signature-2, I am getting logs
for Signature-1 and Signature-2 as well.
Please help me to resolve this issue.
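A simplified model of the behaviour reported above, as an added example that is not part of the original post and is not Bro's code. It assumes the matcher keeps a cumulative per-connection set of matched rules and walks that whole set on every new match, which reproduces the symptom; `Rule`, `ConnState`, `Mode`, `feed` and `run` are hypothetical names, and the traffic is constructed.

```cpp
#include <set>
#include <string>
#include <vector>

// Hypothetical, simplified model; these are not Bro's classes.
struct Rule { int index; std::string pattern; };

struct ConnState {
    std::set<int> matched;  // assumption: every rule matched so far on this connection
    std::set<int> fired;    // rules that have already produced a log
};

// FIRE_ONCE: "skip if rule already fired" check in place.
// NO_CHECK:  check removed, cumulative set walked on every new match.
// PER_MATCH: log only the rules that matched in the current chunk.
enum Mode { FIRE_ONCE, NO_CHECK, PER_MATCH };

// Feed one payload chunk; return the rule indices logged for it.
std::vector<int> feed(ConnState& st, const std::vector<Rule>& rules,
                      const std::string& data, Mode mode) {
    std::vector<int> fresh;
    for (const Rule& r : rules)
        if (data.find(r.pattern) != std::string::npos)
            fresh.push_back(r.index);
    if (fresh.empty()) return {};
    st.matched.insert(fresh.begin(), fresh.end());
    if (mode == PER_MATCH) return fresh;
    std::vector<int> logged;
    for (int idx : st.matched) {
        if (mode == FIRE_ONCE && st.fired.count(idx))
            continue;  // already logged for this connection
        st.fired.insert(idx);
        logged.push_back(idx);
    }
    return logged;
}

// Constructed traffic: Signature-1, then Signature-2, then Signature-1 again.
std::vector<std::vector<int>> run(Mode mode) {
    const std::vector<Rule> rules = {{1, "alpha"}, {2, "beta"}};
    const std::vector<std::string> chunks = {"GET /alpha", "GET /beta", "GET /alpha?x=1"};
    ConnState st;
    std::vector<std::vector<int>> out;
    for (const std::string& chunk : chunks)
        out.push_back(feed(st, rules, chunk, mode));
    return out;
}
```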