I am trying to test how the signature engine works with snort rules. What I do is
load http-request.bro and snort.bro, add "redef signature_files +=
snort-default.sig;" in the latter, and visit the host via
"http://……/etc/passwd". But there is still no rule matching.
I find that in the Match function of class RuleMatcher,
"m->state->Match((const u_char*) data, data_len, bol, eol)" still returns
false. Would you please tell me what's wrong?