[Bro] Adapting packet filter in stand-alone cluster
Tyler T. Schoenke
Tyler.Schoenke at colorado.edu
Thu Apr 16 15:01:31 PDT 2009
I am getting started with Bro, and am using Robin's 1.4 stand-alone
cluster branch. I was trying to detect some IRC traffic using DPD, but
realized that it was being filtered. In the Workshop 2009 materials, it
mentioned adapting the packet filter by adding the -f "tcp". I tried
that, tested it on my pcap file, and it worked. How do I enable/disable
the -f "tcp" option in the cluster configuration?
Tyler
--
Tyler Schoenke
IT Security Office
University of Colorado - Boulder
More information about the Bro
mailing list