neslog at gmail.com
Thu Feb 10 06:54:33 PST 2011
Not sure within poicy but you may want to try tcpreplay and set to
generate the traffic at wire speed instead of disk I/O.
On 2/10/11, David Rodrigues <david.network.security at gmail.com> wrote:
> using @load file-flush (with a dash) worked :)
> But now I'm running into another problem.
> The signature is only triggered once for the same host and for a given
> period of time.
> Is there a way to report every single signature match?
> On Wed, Feb 9, 2011 at 7:20 PM, Seth Hall <seth at icir.org> wrote:
>> On Feb 9, 2011, at 1:14 PM, Neslog wrote:
>>> How about the file_flush.bro? When I'm testing I lod that one with a
>>> short time inerval.
>> Good catch. I had a nagging feeling that I was missing something.
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> Bro mailing list
>> bro at bro-ids.org
Sent from my mobile device
More information about the Bro