When I try to do off-line analysis with the -r option, how can I use all Bro
rules?
I just found some examples of off-line analysis, but it seems that I can
apply only 1 rule at a time.
Could you let me know how all Bro rules can be applied to a specific TCP
raw file?

# set up the Bro environment (sh or bash)
. /usr/local/bro/etc/bro.cfg
/usr/local/bro/bin/bro -r dumpfile backdoor.bro