[Bro] Some BPF love....

Justin Azoff JAzoff at albany.edu
Thu Aug 9 08:15:09 PDT 2012


On Thu, Aug 09, 2012 at 08:38:58AM -0600, Tyler T. Schoenke wrote:
> I've only briefly tested SecurityOnion, but in vanilla Bro, you would
> add something like this to local.bro.  That file is located under
> $BROHOME/share/bro/site.
> 
> redef restrict_filters += { ["host exemptions"] = "not (host 4.2.2.2)" };

Might also need

redef PacketFilter::all_packets = F; # don't capture all packets

-- 
-- Justin Azoff
-- Network Security & Performance Analyst


