[Bro] Signatures
David Rodrigues
david.network.security at gmail.com
Wed Feb 9 07:11:56 PST 2011
You are right. It created a file named signatures.log in the current
working directory (not in the log directory). However, it's empty :(
Do I need to do something else?
Thanks,
David
On Wed, Feb 9, 2011 at 4:05 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 9, 2011, at 9:40 AM, David Rodrigues wrote:
>
>> Result:
>> 1297262131.735271 SensitiveSignature 192.168.1.60: my signature
>>
>> So the signature is triggered. However no file is created.
>>
>> Am I missing something? I have read a lot of information and I didn't
>> find anything.
>
> I'm assuming you're loading the signatures.bro script? If you are, it should be creating a file named signatures.log in the current working directory.
>
>> BTW, the Bro Reference Manual refers the Bro variable
>> signatures_files. However it seems that the correct one is
>> signature_files. Am I wrong?
>
>
> Sorry about that. Much of that documentation will be going away before too long. We just started on a fairly major project to improve Bro and documentation is included in that, but we're in-progress on a lot of things at the moment.
>
> You are right though, it's signature_files. :)
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
More information about the Bro
mailing list