Tom OBrion hammadog at gmail.com
Wed Aug 8 08:38:07 PDT 2012

Sent this off to the SecurityOnion group, but probably should have
sent it here. Oopsy!


Please....I know I must be doing something noobish...but man, I have
tried it 15 ways to Sunday and no love.

editing:  /nsm/bro/spool/policy/site/local.bro

added: redef cmd_line_bpf_filter = "not src host ipaddress";

I want to tweak a tad more based on dst port, but need to at least get
the filter working for the IP.

I then do a check/install/restart

I watch BRO dns.log for the IP I added and she shows up.  What
the heck am I missing?

Any help much appreciated.

