[Bro] signature configuration

Sharath SN shrtsns at gmail.com
Mon Dec 22 00:25:16 PST 2014


Hi Jon, thanks for the quick reply. Now I am able to generate signatures in
the signature log files by using @load-sigs. But I got stuck on another
problem, i.e., specifying a payload for "raw packet data".
I tried the following simple code, "payload /\x14\x03/", but logs are
not generated even though our traffic has the same payloads.

Can you suggest how to overcome this issue?

On Fri, Dec 19, 2014 at 8:54 PM, Siwek, Jon <jsiwek at illinois.edu> wrote:

>
> > On Dec 19, 2014, at 5:52 AM, Sharath SN <shrtsns at gmail.com> wrote:
> >
> > Can anyone suggest me how to add our own signatures.
>
> Are you using the “@load-sigs” directive in a script or giving the “-s”
> flag to bro on the command line to tell it to use the custom signature
> file?  More documentation on signatures here:
>
> https://www.bro.org/sphinx/frameworks/signatures.html
>
> - Jon