[Bro-Dev] [JIRA] (BIT-1478) BPF Filter for local.bro per activated log file

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Thu Sep 17 15:26:00 PDT 2015

     [ https://bro-tracker.atlassian.net/browse/BIT-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Johanna Amann updated BIT-1478:
    Resolution: Invalid
        Status: Closed  (was: Open)

> BPF Filter for local.bro per activated log file
> -----------------------------------------------
>                 Key: BIT-1478
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1478
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.3, 2.4
>         Environment: linux, mac osx, 
>            Reporter: Lu Goon
>              Labels: analyzer,, ssl,, x509
> when activating the x509.log or bro script in local.bro, can I configure a BPF filter to only affect x509? For example I only want to have events that the dust_host is our DMZ subnet. Can I configure that in the x509.bro file or some other bro configuration file?

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list