I am trying to learn Zeek signatures.
Signature file name: dns.sig
signature dns-intel{
ip-proto == udp
dst-port == 53
payload /.*life|.*bar/
event "[Suspicious DNS Query]" }
Zeek file name: myfirst.zeek
event signature_match (state: signature_state, msg: string, data: string) {
    # Only handle matches raised by the dns-intel signature from dns.sig
    if (state$sig_id == "dns-intel") {
        print fmt ("[Suspicious DNS query] %s", state$conn$dns$query);
    }
}
I get an error on line 5: rule defined twice. What is the problem here?