[Bro] Signature payload matching
rodrigue.alahassa at gmail.com
Fri Jul 8 13:40:33 PDT 2011
What I wondered is why nothing is reported for test.sig.
The payload is not the same, I do agree. But I don't understand why it
failed to detect it in the traffic.
Thanks in advance.
On Fri, Jul 8, 2011 at 12:09 AM, Robin Sommer <robin at icir.org> wrote:
> On Thu, Jul 07, 2011 at 19:30 +0200, you wrote:
> > The tar files are those related to the output of bro with their according
> > signature.
> The matches reported in auto/signatures.log and auto/notices.log are
> the same as far as I can see. And I don't see any reported in test/*.
> So not sure what the problem is?
> Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
> ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
SLt COC ALAHASSA
Professeur Georges LEMAITRE