[Bro] Bro restrict filters question

Edgmand, Craig craig.edgmand at okstate.edu
Tue Jun 13 07:59:18 PDT 2017


I am running Bro 2.5 and I am trying to set up some restrict_filters to drop certain hosts and types of traffic.
I have the following entries in my local.bro..

redef PacketFilter::enable_auto_protocol_capture_filters = F;
redef capture_filters = { ["packets-like-this"] = "ip or not ip" };
redef restrict_filters = { ["no-data-like-this"] = "not host" };

I had something similar in earlier versions of Bro that seemed to work but this doesn't work at all.

When I run ./broctl print restrict_filters  it shows that the workers have that filter.

Any ideas?


Craig Edgmand
Oklahoma State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170613/b6b679e1/attachment.html 

More information about the Bro mailing list