[Bro] Signatures

[Seth Hall]

On Feb 9, 2011, at 11:05 AM, David Rodrigues wrote:

> I had to stop bro to get the results...


Ah, Bro buffers file writes so you have two options (one which you've already found).

* Quit Bro so that files are flushed and closed.
* Disable the buffering on the file you are interested in -- set_buf(sig_file, F);

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/