Using snort signatures in Bro

Hello all,

I need to compare how bro and snort handle attacks in traffic captures.
I have my snort "sig" files, but I don't know the proper syntax of the
command line statement.

I used snort2bro to read my snort.conf file and the result was a file
with a number of bro signatures that I called snort.sig:

signature sid-xxx {
  :
  :
}

Can anyone help? I am using bro 0.8. I need to call the .sig file and
read my tcpdump capture file at the same time.

Thanks,
Bryan
Florida Tech

Try something like this (assuming snort.sig being in your current
directory):

    bro -r trace -s ./snort.sig site snort signatures

(Don't forget to adapt site.bro to your local environment).
    
Robin