seth at icir.org
Wed Feb 9 07:21:11 PST 2011
On Feb 9, 2011, at 10:11 AM, David Rodrigues wrote:
> You are right. It created a file named signatures.log in the current
> working directory (not in the log directory). However, it's empty :(
The log directory is used by BroControl. If you execute the bro binary on the command line, it won't have all of the nice BroControl log rotation and functionality for managing and running production Bro instances.
> Do I need to do something else?
Try loading the notice.bro script and see if you get the signature match output into the notice.log file. I'm not sure offhand why you aren't seeing the signature match in signatures.log.
International Computer Science Institute
(Bro) because everyone has a network