[Bro] LogExpireInterval not respected?
seth at icir.org
Wed Feb 13 09:46:05 PST 2013
On Feb 13, 2013, at 12:30 PM, Jesse Bowling <jessebowling at gmail.com> wrote:
> I can surmise the problem: Because my interface specification requires the use of ';', bash is breaking the command up before it should and capstats doesn't know it should quit...The format I'm using (p2p1;p2p2;p2p3;p2p4) is making use of PF_RING to listen to all these interfaces simultaneously. For snort I have to quote it to prevent it being broken up and I suspected something similar is required here as well.
Woah! PF_RING lets you sniff multiple interfaces that way? If you give that same value to tcpdump (while using the pf_ring libpcap wrapper) does it work there too?
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro