[Bro] Some BPF love....
Tom OBrion
hammadog at gmail.com
Wed Aug 8 08:38:07 PDT 2012
Sent this off to the SecurityOnion group, but probably should have
sent it here. Oopsy!
Anyway
Please....I know I must be doing something noobish...but man, I have
tried it 15 ways to Sunday and no love.
editing: /nsm/bro/spool/policy/site/local.bro
added: redef cmd_line_bpf_filter = "not src host ipaddress";
I want to tweak a tad more based on dst port, but need to at least get
the filter working for the IP.
I then do a check/install/restart
I watch BRO dns.log for the IP I added and she shows up. What
the heck am I missing?
Any help much appreciated.
--
Tom O'Brion
Twitter: @tobrion
"Life is too short to spend time with people who suck the happy out of you."