[Bro] Signature payload matching

Rodrigue ALAHASSA rodrigue.alahassa at gmail.com
Fri Jul 8 13:40:33 PDT 2011


What I wondered is why nothing is reported for test.sig.
The payload is not the same, I do agree. But I don't understand why it
failed to detect it in the traffic.

Thanks in advance.

On Fri, Jul 8, 2011 at 12:09 AM, Robin Sommer <robin at icir.org> wrote:

>
> On Thu, Jul 07, 2011 at 19:30 +0200, you wrote:
>
> > The tar files are those related to the output of bro with their according
> > signature.
>
> The matches reported in auto/signatures.log and auto/notices.log are
> the same as far as I can see. And I don't see any reported in test/*.
> So not sure what the problem is?
>
> Robin
>
> --
> Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
> ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
>



-- 
SLt COC ALAHASSA
161 POL
Professeur Georges LEMAITRE