snort rules
廖章军
liaozj at netpower.com.cn
Wed May 26 19:28:48 PDT 2004
Vern,
I am trying to test how the signature engine works with snort rules.What I do is loading http-request.bro and snort.bro, adding "redef signature_files += snort-default.sig;" in the latter and visiting the host by "http://……/etc/passwd".But there is still no rule matching.
I find that in the function of Match in class RuleMatcher, "m->state->Match((const u_char*) data, data_len, bol, eol)" still returns false.Would you please tell what's wrong?
Tad
廖章军
liaozj at netpower.com.cn
2004-05-27
-------------- next part --------------
A non-text attachment was scrubbed...
Name: face-1.gif
Type: image/gif
Size: 922 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20040527/00daae06/attachment.gif
More information about the Bro
mailing list