[Bro] problem with using snort rules by bro

uday chekuri uchekuru at gmail.com
Wed Jun 25 19:39:04 PDT 2008


I am having a trace file with BID 10108. I am having converted snort rules
of version 2.3.2.by s2b. My bro version is 1.2.1. When I run bro on my pcap
file it is running with few error compiling patterns. It is not showing me
the exact rule related to 10108 BID in alarm and signature file. I think
this is due to those error compiling patterns. To solve that I tried the
solution in wiki and archive. But no luck. I am sorry for reposting the same
issue. I got no reply previously. But please help me with this issue.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080625/c6ed9f03/attachment.html 

More information about the Bro mailing list