Using snort signatures in Bro

Hello all,

I need to compare how bro and snort handle attacks in traffic captures.
I have my snort "sig" files, but I don't know the proper syntax of the
command line statement.

I used snort2bro to read my snort.conf file and the result was a file
with a number of bro signatures that I called snort.sig:

signature sid-xxx {

Can anyone help? I am using bro 0.8. I need to call the .sig file and
read my tcpdump capture file at the same time.

Florida Tech

Try something like this (assuming snort.sig being in your current

    bro -r trace -s ./snort.sig site snort signatures

(Don't forget to adapt site.bro to your local environment).