[Bro] broctl and filtering
Justin Azoff
JAzoff at albany.edu
Fri Sep 20 14:19:41 PDT 2013
On Fri, Sep 20, 2013 at 07:13:42AM -0600, James Lay wrote:
> Hey all…trying to pass this:
>
> broargs = --filter not ip6
> Any hints on how to pass the filter the right way? Thanks all.
in your local.bro, something like this:
redef PacketFilter::all_packets = F; # don't capture all packets
redef capture_filters = [[ "all"] = "not ip6"];
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list