I found this comment in RuleMatcher.cc.
// - Sometimes, the signature match event is generated after a
// connection_finished (or similar) event. Using the default ru
les.bro,
// this means that we will not see the rule id in the connectio
n summary.
I wanted to fix this bug. Can somebody tell me what's the basic problem
here... and any hints on the approach?
I'm new to Bro regex matching code... so any documentation in
understanding how Bro regex matching works would help too.
thanks
-y