[Bro] multiple logs for a signature

Jai Prakash D R jprakash at tataelxsi.co.in
Wed Nov 29 02:44:36 PST 2006


I am working on bro-0.9, fedora machine. I want to generate logs using
signatures the entire communication during a session.
Due to the following check in RuleMatcher.cc

           // Skip if rule already fired for this connection.
	if ( state->matched_rules.is_member(r->Index()) )

i was getting only one log per signature, though it matches second time its
not giving me log.

I tried uncomminting the above two lines, though i am getting logs when ever
it matches i am also getting the logs
for other signatuers which were earlier logged. 

say for ex: i have Signature-1 and Signature-2.

first time Signature-1 is matched and i get a log for Signature-1.
secont time when a packet is matched for Signature-2 i am getting log
for Signature-1 and Signature-2 as well.

Please help me to resolve this issue.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 1812 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20061129/e0d66d2b/attachment.bin 

More information about the Bro mailing list