1

I am trying to run bro in my bash terminal. I have got a duplicate local.bro file which i renamed as localv2.bro, and put it in my working directory /home/bibin, so its not in default path. I am just trying to do a simple signature match, therefore i have created a signature.sig file in the directory. In my localv2.bro file i have tried using both ways: 

@load-sigs ./signature

And

redef signature_files += "signature.sig

The signature.sig file has the signature my-first-sig example from bro.org site.

In the terminal when i try to execute this command:

bro -r traffic.pcap localv2.bro

I get an error message saying:

line 27: unrecognized character -

I have also tried doing it in a different route:

bro -r traffic.pcap -s signature.sig

This also gives me the same unrecognized character error.

Am i doing something wrong, please can you guide me to a solution ?

David Hoelzer
  • 15,862
  • 4
  • 48
  • 67
BiBiN
  • 11
  • 3
  • New update: bro -r traffic.pcap localvs.bro I get an error "Failed to find file associated with @load-sigs ./signature" Does this mean it cant find the path of the signature.sig file? – BiBiN Jan 24 '18 at 18:39
  • 1
    Make sure you format your code snippets as code, so your question is more clear. You might also post the entire `localv2.bro` file, instead of just a couple of lines from it. That way people can see exactly what's going on. – Zac Delventhal Jan 24 '18 at 18:47
  • @ZacDelventhal Thanks for the suggested edit. Please also make sure to remove common boilerplate like "thanks", "any help pls" etc in future edits. – tripleee Jan 24 '18 at 18:49
  • Thank you very much for your feedback! i will be careful next time :) – BiBiN Jan 24 '18 at 18:51

0 Answers0