[Bro] BPF packet filter syntax
Corey Roach (ISO)
Corey.Roach at utah.edu
Wed Aug 29 12:19:36 PDT 2012
Nice! Thanks Tyler. Looks like they are there. I wonder why they don't get logged.
If I'm reading the packet-filter framework right, they seem to get logged to indicate they were applied correctly. I'll have to do some functionality testing to make sure they are getting applied as well as being held in the variables, but if they are working without logging that is good enough for me at the moment.
On Aug 29, 2012, at 11:08 AM, Tyler T. Schoenke <tyler.schoenke at colorado.edu> wrote:
> You can run broctl print capture_filters or broctl print
> restrict_filters to see which filters are being loaded by the cluster.
> I never thought to check my packet_filter* log files, but looked and
> they are empty even though the filters are running.
> Tyler Schoenke
> Network Security Manager
> IT Security Office
> University of Colorado at Boulder