[Bro] LogExpireInterval not respected?

Jesse Bowling jessebowling at gmail.com
Wed Feb 13 17:19:21 PST 2013 

I seem to remember trying to quote it at first, but then found that this
worked:

interface=p2p1\;p2p2\;p2p3\;p2p4

Cheers,

Jesse

On Wed, Feb 13, 2013 at 6:25 PM, Daniel Thayer <dnthayer at illinois.edu>wrote:

> On 02/13/2013 11:55 AM, Jesse Bowling wrote:
>
>>
>>
>> On Wed, Feb 13, 2013 at 12:46 PM, Seth Hall <seth at icir.org
>> <mailto:seth at icir.org>> wrote:
>>
>>
>>     On Feb 13, 2013, at 12:30 PM, Jesse Bowling <jessebowling at gmail.com
>>     <mailto:jessebowling at gmail.com**>> wrote:
>>
>>      > I can surmise the problem: Because my interface specification
>>     requires the use of ';', bash is breaking the command up before it
>>     should and capstats doesn't know it should quit...The format I'm
>>     using (p2p1;p2p2;p2p3;p2p4) is making use of PF_RING to listen to
>>     all these interfaces simultaneously. For snort I have to quote it to
>>     prevent it being broken up and I suspected something similar is
>>     required here as well.
>>
>>     Woah!  PF_RING lets you sniff multiple interfaces that way?  If you
>>     give that same value to tcpdump (while using the pf_ring libpcap
>>     wrapper) does it work there too?
>>
>>        .Seth
>>
>>
>> That is my understanding. Anything built against PF_RING's libpcap can
>> use the notation...However, now that I've put it out on the internet and
>> it's not apparently common knowledge, I'm doubting myself... ;)
>>
>> As a reference, straight from (one of) the horses mouths:
>> http://lists.ntop.org/**pipermail/ntop-misc/2012-**August/003128.html<http://lists.ntop.org/pipermail/ntop-misc/2012-August/003128.html>
>>
>> Cheers,
>>
>> Jesse
>>
>
>
> I'm curious how you're getting things working with semicolons in the
> interface name.  Do you have a line like this in your node.cfg:
>
> interface=p2p1;p2p2;p2p3;p2p4
>
>
>


-- 
Jesse Bowling
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130213/b2a48ca7/attachment.html

More information about the Bro mailing list