mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 11:08:20 +00:00
18 lines
317 B
Text
18 lines
317 B
Text
#
|
|
# @TEST-EXEC: bro -b -s mysig %INPUT
|
|
|
|
@TEST-START-FILE mysig.sig
|
|
signature my_ftp_client {
|
|
ip-proto == tcp
|
|
payload /(|.*[\n\r]) *[uU][sS][eE][rR] /
|
|
tcp-state originator
|
|
event "matched my_ftp_client"
|
|
}
|
|
@TEST-END-FILE
|
|
|
|
event bro_init()
|
|
{
|
|
local a = get_matcher_stats();
|
|
if ( a$matchers == 0 )
|
|
exit(1);
|
|
}
|