[Bro-Dev] [JIRA] (BIT-1478) BPF Filter for local.bro per activated log file
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Thu Sep 17 15:26:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1478?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Johanna Amann updated BIT-1478:
-------------------------------
Resolution: Invalid
Status: Closed (was: Open)
> BPF Filter for local.bro per activated log file
> -----------------------------------------------
>
> Key: BIT-1478
> URL: https://bro-tracker.atlassian.net/browse/BIT-1478
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.3, 2.4
> Environment: linux, mac osx,
> Reporter: Lu Goon
> Labels: analyzer,, ssl,, x509
>
> when activating the x509.log or bro script in local.bro, can I configure a BPF filter to only affect x509? For example I only want to have events that the dust_host is our DMZ subnet. Can I configure that in the x509.bro file or some other bro configuration file?
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-05-005#70102)
More information about the bro-dev
mailing list