[Oisf-users] problem with filestore
Victor Julien
lists at inliniac.net
Thu Mar 9 18:22:22 UTC 2017
On 09-03-17 15:25, erik clark wrote:
> I cant get filestore to work with this rule:
>
> alert tcp $external any -> $home any (msg"bleh"; file_data;
> content:"eval(function(p,a,c,k,e,d)"; fast_pattern:only; filestore;
> flowbits:isset,menu.js;....)
>
> Why cant I run filestore on this? I need to capture the entire file that
> the sig fired on, but suri says something about conflicting keywords....
Can you please include the exact error you get? Sig loads just fine here.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list