[Bro] Using snort signatures in Bro

Bryan bpatters at fit.edu
Sun Nov 7 18:23:34 PST 2004


Hello all,

I need to compare how bro and snort handle attacks in traffic captures.
I have my snort "sig" files, but I don't know the proper syntax of the
command line statement.

I used snort2bro to read my snort.conf file and the result was a file
with a number of bro signatures that I called snort.sig:

signature sid-xxx {
	:
	:
}

Can anyone help? I am using bro 0.8. I need to call the .sig file and
read my tcpdump capture file at the same time.

Thanks,
Bryan
Florida Tech




