[Bro] Signatures
Seth Hall
seth at icir.org
Wed Feb 9 07:05:02 PST 2011
On Feb 9, 2011, at 9:40 AM, David Rodrigues wrote:
> Result:
> 1297262131.735271 SensitiveSignature 192.168.1.60: my signature
>
> So the signature is triggered. However no file is created.
>
> Am I missing something? I have read a lot of information and I didn't
> find anything.
I'm assuming you're loading the signatures.bro script? If you are, it should be creating a file named signatures.log in the current working directory.
> BTW, the Bro Reference Manual refers the Bro variable
> signatures_files. However it seems that the correct one is
> signature_files. Am I wrong?
Sorry about that. Much of that documentation will be going away before too long. We just started on a fairly major project to improve Bro and documentation is included in that, but we're in-progress on a lot of things at the moment.
You are right though, it's signature_files. :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list