[Bro] Help

rahul rakesh rahulbroids at gmail.com
Mon Feb 5 20:59:58 PST 2018

Dear Team,
I am a noob at working with Bro IDS and need some help with the signature framework.
I have created a .sig file as shown in the document:

signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    event "Found root!"
}

I am loading this signature using /base/init-bare.bro using the
@load-sig directive.

I also included /frameworks/signature/main.bro in the local.bro script.

I am then running Bro using broctl and the deploy command.

After that, sending any packet matching that signature is not creating
any signature.log or notice.log.

Please guide me.

