[Bro] Adapting packet filter in stand-alone cluster
Seth Hall
hall.692 at osu.edu
Thu Apr 16 19:39:42 PDT 2009
On Apr 16, 2009, at 6:01 PM, Tyler T. Schoenke wrote:
> How do I enable/disable the -f "tcp" option in the cluster
> configuration?
You can do it from your policy script.
In policy/local/local.bro (assuming you're using everything as it
ships)...
redef capture_filters = { ["all-ip-packets"] = "ip or ip6" };
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list