[Bro] Signatures
David Rodrigues
david.network.security at gmail.com
Wed Feb 9 06:40:22 PST 2011
Hi all,
I'm trying Bro Ids for the very first time.
I want to have a log file where I can see which signatures have been triggered.
So I have created a very simple signature and check if it is triggered
with --debug-rules.
Result:
1297262131.735271 SensitiveSignature 192.168.1.60: my signature
So the signature is triggered. However no file is created.
Am I missing something? I have read a lot of information and I didn't
find anything.
BTW, the Bro Reference Manual refers the Bro variable
signatures_files. However it seems that the correct one is
signature_files. Am I wrong?
Many thanks,
David
More information about the Bro
mailing list