[Bro] Adapting packet filter in stand-alone cluster

Seth Hall hall.692 at osu.edu
Thu Apr 16 19:39:42 PDT 2009


On Apr 16, 2009, at 6:01 PM, Tyler T. Schoenke wrote:

>   How do I enable/disable the -f "tcp" option in the cluster  
> configuration?

You can do it from your policy script.

In policy/local/local.bro (assuming you're using everything as it  
ships)...

redef capture_filters = { ["all-ip-packets"] = "ip or ip6" };

   .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
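
Added illustration, not part of Seth's message or of Bro's shipped policy: the same redef written as the TCP-only filter the question asks about, beside the `+=` form that keeps existing entries. The table keys "tcp-only", "dns-udp" and "skip-backup-net" and the 192.0.2.0/24 range are constructed placeholders; restrict_filters is assumed to be available in the installed version's pcap policy script.

```bro
# Pick ONE of the capture_filters forms for policy/local/local.bro.

# (a) TCP only. "=" discards the entries defined before this point in load
#     order; with no other entries the resulting BPF expression is the same
#     one that -f "tcp" would have supplied.
redef capture_filters = { ["tcp-only"] = "tcp" };

# (b) Keep the entries contributed by the analyzers that are loaded and add
#     one more. Entries in capture_filters are ORed together.
# redef capture_filters += { ["dns-udp"] = "udp port 53" };

# (c) The form from the message above: every IPv4/IPv6 packet, whatever the
#     loaded analyzers asked for.
# redef capture_filters = { ["all-ip-packets"] = "ip or ip6" };

# Optional (assumption: restrict_filters exists in this Bro version).
# Its entries are ANDed with the combined capture filter, so it narrows
# what the sensor sees regardless of which capture_filters form is used.
# redef restrict_filters += { ["skip-backup-net"] = "not net 192.0.2.0/24" };
```

A narrower capture filter also narrows detection coverage: with form (a) the sensor never sees UDP or ICMP, so scripts that depend on that traffic produce no logs.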



