[Bro] signature match
Robin Sommer
robin at icir.org
Wed Nov 29 19:05:31 PST 2006
On Wed, Nov 29, 2006 at 17:40 +0530, Jai Prakash D R wrote:
> Once a signature is matched i want to get the rule->ID( ) of that signature.
The method RuleMatcher::ExecRuleActions() might be the best entry
point for you. It's called when a signature matches for the first
time on a certain connection, and triggers actions like raising the
signature_match event.
Depending on what exactly you want to do, you may also consider a
writing a new RuleAction. See class RuleActionEvent as an example.
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
LBNL/ICSI * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list