[Bro] Signatures
David Rodrigues
david.network.security at gmail.com
Thu Feb 10 01:57:47 PST 2011
Thanks,
using @load file-flush (with a dash) worked :)
But now I'm running into another problem.
The signature is only triggered once for the same host and for a given
period of time.
Is there a way to report every single signature match?
On Wed, Feb 9, 2011 at 7:20 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 9, 2011, at 1:14 PM, Neslog wrote:
>
>> How about the file_flush.bro? When I'm testing I lod that one with a
>> short time inerval.
>
>
> Good catch. I had a nagging feeling that I was missing something.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
More information about the Bro
mailing list