[Bro] Some BPF love....
hammadog at gmail.com
Wed Aug 8 08:38:07 PDT 2012
Sent this off to the SecurityOnion group, but probably should have
sent it here. Oopsy!
Please....I know I must be doing something noobish...but man, I have
tried it 15 ways to Sunday and no love.
Added: redef cmd_line_bpf_filter = "not src host ipaddress";
I want to tweak a tad more based on dst port, but need to at least get
the filter working for the IP.
I then do a check/install/restart.
I watch BRO dns.log for the IP I added and she shows up. What
the heck am I missing?
Any help much appreciated.
"Life is too short to spend time with people who suck the happy out of you."