[Bro] Help
rahul rakesh
rahulbroids at gmail.com
Mon Feb 5 20:59:58 PST 2018
Dear Team,
I am a noob at working with Bro IDS and need some help with the signature framework.
I have created a .sig file as shown in the document:
signature my-first-sig {
    ip-proto == tcp
    dst-port == 80
    payload /.*root/
    event "Found root!"
}
and I am loading this signature using /base/init-bare.bro with the
@load-sig directive.
I have also included /frameworks/signature/main.bro in the local.bro script,
and I am then running Bro using broctl and the deploy command.
After that, sending any packet matching that signature does not create
any signature.log or notice.log.
Please guide me.
Regards,
Rahul