[Bro] BPF Filter per log file or framework such as x509, SSL
lagoon7 at gmail.com
Fri Sep 18 01:28:53 PDT 2015
when activating the x509.log or bro script in local.bro, can I configure a
BPF filter to only affect x509 framework? For example I only want to have
events that the dst_host is our DMZ subnet. Can I configure that in the
x509.bro file/framework or some other bro configuration file? If so is this
a local variable called subnet or something?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro