[Bro] Signatures

David Rodrigues david.network.security at gmail.com
Thu Feb 10 01:57:47 PST 2011


Thanks,

using @load file-flush (with a dash) worked :)

But now I'm running into another problem.

The signature is only triggered once for the same host and for a given
period of time.

Is there a way to report every single signature match?

On Wed, Feb 9, 2011 at 7:20 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 9, 2011, at 1:14 PM, Neslog wrote:
>
>> How about the file_flush.bro?  When I'm testing I lod that one with a
>> short time inerval.
>
>
> Good catch.  I had a nagging feeling that I was missing something.
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>




More information about the Bro mailing list