can anybody help me with what I thought it was a simple task but it happend to be a little more than that. I want to see an alarm when somebody is trying to browse the following URL: http://www.vasco.si/oddaljeno_delo.htm . Thanks.
This will require a two step process. First, create a custom signature looking for the URI in question. For 3.x sensors, use the STATE.HTTP engine. For 4.0 sensors, use the SERVICE.HTTP engine. You'll fill in the UriRegex with '/oddaljeno_delo.htm'. This may be all you need. However, if you want to be exact, you'll need to create an alarm filter to only match on the IP address for the website in question. Please consult the IDS documentation for information on how to do this step.