[Bro] broctl and filtering
James Lay
jlay at slave-tothe-box.net
Fri Sep 20 14:12:53 PDT 2013
On 2013-09-20 14:39, Daniel Thayer wrote:
> On 09/20/2013 08:13 AM, James Lay wrote:
>> Hey all…trying to pass this:
>>
>> broargs = --filter not ip6
>>
>> a few different ways, but I'm not having much luck:
>>
>> broargs = --filter not ip6
>> broargs = --filter 'not ip6'
>> broargs = --filter "not ip6"
>>
>> ==== stderr.log
>> error: can't open ip6
>>
>> or
>>
>> ==== stderr.log
>> /usr/local/bro/share/broctl/scripts/broctl-config.sh: line 67: ip6:
>> command not found
>> error: can't open ip6
>>
>> ==== .cmdline
>> -i eth1 -U .status -p broctl -p broctl-live -p standalone -p local
>> -p bro local.bro broctl broctl/standalone broctl/auto --filter not ip6
>>
>> Any hints on how to pass the filter the right way? Thanks all.
>>
>> James
>
> You need to quote the value of the --filter option like this:
>
> broargs = --filter 'not ip6'
>
> There was a bug that was preventing this from working.
> If you look in <prefix>/share/broctl/scripts (<prefix>
> is your Bro install prefix), you can patch the following
> scripts:
>
Wow thanks a TON Daniel....patched up and good to go :)
James
More information about the Bro
mailing list