You are right. It created a file named signatures.log in the current
working directory (not in the log directory). However, it's empty :(
Do I need to do something else?
On Wed, Feb 9, 2011 at 4:05 PM, Seth Hall <seth(a)icir.org> wrote:
On Feb 9, 2011, at 9:40 AM, David Rodrigues wrote:
1297262131.735271 SensitiveSignature 192.168.1.60: my signature
So the signature is triggered. However no file is created.
Am I missing something? I have read a lot of information and I didn't
I'm assuming you're loading the signatures.bro script? If you are, it should
be creating a file named signatures.log in the current working directory.
BTW, the Bro Reference Manual refers the Bro
signatures_files. However it seems that the correct one is
signature_files. Am I wrong?
Sorry about that. Much of that documentation will be going away before too long. We
just started on a fairly major project to improve Bro and documentation is included in
that, but we're in-progress on a lot of things at the moment.
You are right though, it's signature_files. :)
International Computer Science Institute
(Bro) because everyone has a network