Hi,
I am working with bro-0.9 on a Fedora machine. I want to generate logs using
signatures for the entire communication during a session.
Due to the following check in RuleMatcher.cc

    // Skip if rule already fired for this connection.
    if ( state->matched_rules.is_member(r->Index()) )
        continue;

I was getting only one log per signature; though it matches a second time, it's
not giving me a log.
I tried uncommenting the above two lines; though I am getting logs whenever
it matches, I am also getting the logs
for other signatures which were logged earlier.
Say, for example, I have Signature-1 and Signature-2.
The first time, Signature-1 is matched and I get a log for Signature-1.
The second time, when a packet is matched for Signature-2, I am getting logs
for Signature-1 and Signature-2 as well.
Please help me to resolve this issue.
Regards,
Prakash