[Bro] Problem in using 'http-request-header' in Signatures
dhanesh at tataelxsi.co.in
Tue Sep 26 02:11:01 PDT 2006
I was trying to write signatures for detecting connections to a mail server.
'http-request-header' followed by the payload to be matched.
ip-proto == tcp
tcp state established
event "Connection to Mail server"
When I tried to start bro, I got the following error message:
"parse error at line x:" i.e., at the line where i have mentioned
I did load the analyzers.
Can anyone suggest a way to handle this problem.
More information about the Bro