[Bro] signature match

Jai Prakash D R jprakash at tataelxsi.co.in
Wed Nov 29 04:10:46 PST 2006


 I am working with bro-0.9 signatuers. Please let me know where exactly the
packets is being compared against the all the available signatuers.
Once a signature is matched i want to get the rule->ID( ) of that signature.

When i am using the below piece of code from RuleMatcher.cc
                        loop_over_list(accepted, i)
		  Rule* r = Rule::rule_table[accepted[i] - 1];

                          #ifdef MATCHER_PRINT_DEBUG
		     fprintf(stderr, "%.06f Checking rule: %s\n",
network_time, r->id);

the rule->id's of previously matched signatues are bing displayed.

please help me in this regard.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 1720 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20061129/300762f8/attachment.bin 

More information about the Bro mailing list