[Bro] Signatures

David Rodrigues david.network.security at gmail.com
Wed Feb 9 06:40:22 PST 2011


Hi all,

I'm trying Bro IDS for the very first time.

I want to have a log file where I can see which signatures have been triggered.

So I have created a very simple signature and checked if it is triggered
with --debug-rules.

Result:
1297262131.735271 SensitiveSignature 192.168.1.60: my signature

So the signature is triggered. However no file is created.

Am I missing something? I have read a lot of information and I didn't
find anything.

BTW, the Bro Reference Manual refers to the Bro variable
signatures_files. However it seems that the correct one is
signature_files. Am I wrong?

Many thanks,

David


