[Bro] signature configuration
shrtsns at gmail.com
Mon Dec 22 00:25:16 PST 2014
Hi Jon, Thanks for the quick reply. Now I am able to generate signatures in
the signature log files by using @load-sigs. But I got stuck with another
problem, i.e., specifying a payload for "raw packet data".
I tried the following simple code, "payload /\x14\x03/", but logs are
not generated even though our traffic has the same payload.
Can you suggest how to overcome this issue?
On Fri, Dec 19, 2014 at 8:54 PM, Siwek, Jon <jsiwek at illinois.edu> wrote:
> > On Dec 19, 2014, at 5:52 AM, Sharath SN <shrtsns at gmail.com> wrote:
> > Can anyone suggest me how to add our own signatures.
> Are you using the “@load-sigs” directive in a script or giving the “-s”
> flag to bro on the command line to tell it to use the custom signature
> file? More documentation on signatures here:
> - Jon