Hi,
Can anyone suggest how to add our own signatures? I tried the code below and placed it in policy/framework/signature/ssl_renegotiation.sig:
signature ssl_renegotiation {
ip-proto == tcp
dst-port == 443
event "ssl renegotiation"
payload /.*\x14\x03/
}
But signature logs are not getting generated. Could you please suggest what I’m doing wrong with this? Don’t mind if it is a silly question… I’m new to this Bro…
Thanks for your time,
shrtsns
Are you using the “@load-sigs” directive in a script or giving the “-s” flag to bro on the command line to tell it to use the custom signature file? More documentation on signatures here:
https://www.bro.org/sphinx/frameworks/signatures.html
- Jon
Hi Jon, thanks for the quick reply. Now I am able to generate signatures in the signature log files by using @load-sigs. But I got stuck with another problem, i.e., specifying a payload for “raw packet data”…?
I tried the following simple code, "payload /\x14\x03/", but logs are not being generated even though our traffic has the same payloads.
Can you suggest how to overcome this issue…
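
Added example, not part of the original thread and not Bro code: the signature documentation linked above states that payload regular expressions are implicitly anchored (at the first byte of the stream for reassembled TCP, at the first payload byte of each packet otherwise), and that prefixing `.*` matches at arbitrary positions. The Python sketch below models that rule on a constructed TLS byte stream; Python's `re` stands in for Bro's matcher, and the function names and sample bytes are assumptions made for illustration.

```python
import re

# Constructed sample: one direction of a TCP stream to port 443, split into
# two segments. Segment 1 is a TLS handshake record header plus 4 dummy body
# bytes; segment 2 is a ChangeCipherSpec record (type 0x14, version 0x03 0x01).
# The sample contains no 0x0a bytes, so differences in how "." treats
# newlines between regex engines do not affect the result.
SEGMENTS = [
    bytes.fromhex("1603010004" "01000000"),
    bytes.fromhex("140301000101"),
]


def anchored(pattern: bytes, data: bytes) -> bool:
    """re.match() only matches at offset 0, modelling the implicit '^'."""
    return re.match(pattern, data) is not None


def match_reassembled(pattern: bytes, segments) -> bool:
    """Reassembled TCP: the pattern is anchored at the first stream byte."""
    return anchored(pattern, b"".join(segments))


def match_per_packet(pattern: bytes, segments) -> bool:
    """Non-reassembled traffic: the pattern is anchored at each packet start."""
    return any(anchored(pattern, seg) for seg in segments)


if __name__ == "__main__":
    for pat in (rb"\x14\x03", rb".*\x14\x03"):
        print(pat,
              "reassembled:", match_reassembled(pat, SEGMENTS),
              "per-packet:", match_per_packet(pat, SEGMENTS))
```

On this sample the bare `/\x14\x03/` pattern misses in the reassembled stream because the stream starts with `0x16`, while `/.*\x14\x03/` matches. A two-byte pattern like this can also match unrelated bytes elsewhere in the stream, so hits need checking against the actual record boundaries.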