[Bro] Problem in using 'http-request-header' in Signatures
Jaya Dhanesh
dhanesh at tataelxsi.co.in
Tue Sep 26 02:11:01 PDT 2006
Hi,
I was trying to write signatures for detecting connections to a mail server.
I used
'http-request-header' followed by the payload to be matched.
signature abcd
{
ip-proto == tcp
tcp state established
event "Connection to Mail server"
http-request-header /.*mail/
}
When I tried to start bro, I got the following error message:
"parse error at line x:" i.e., at the line where i have mentioned
http-request-header.
I did load the analyzers.
Can anyone suggest a way to handle this problem.
Thanks,
Dhanesh.
More information about the Bro
mailing list