[Bro] LogExpireInterval not respected?

Jesse Bowling jessebowling at gmail.com
Wed Feb 13 09:55:40 PST 2013


On Wed, Feb 13, 2013 at 12:46 PM, Seth Hall <seth at icir.org> wrote:

>
> On Feb 13, 2013, at 12:30 PM, Jesse Bowling <jessebowling at gmail.com>
> wrote:
>
> > I can surmise the problem: Because my interface specification requires
> > the use of ';', bash is breaking the command up before it should and
> > capstats doesn't know it should quit...The format I'm using
> > (p2p1;p2p2;p2p3;p2p4) is making use of PF_RING to listen to all these
> > interfaces simultaneously. For snort I have to quote it to prevent it being
> > broken up and I suspected something similar is required here as well.
>
> Woah!  PF_RING lets you sniff multiple interfaces that way?  If you give
> that same value to tcpdump (while using the pf_ring libpcap wrapper) does
> it work there too?
>
>   .Seth
>
>
That is my understanding. Anything built against PF_RING's libpcap can use
the notation...However, now that I've put it out on the internet and it's
not apparently common knowledge, I'm doubting myself... ;)

As a reference, straight from (one of) the horses' mouths:
http://lists.ntop.org/pipermail/ntop-misc/2012-August/003128.html

Cheers,

Jesse


> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>


-- 
Jesse Bowling