[Bro] Trying to use different bpf filters on every worker
C. L. Martinez
carlopmart at gmail.com
Mon Feb 24 06:22:23 PST 2014
On Mon, Feb 24, 2014 at 12:07 PM, C. L. Martinez <carlopmart at gmail.com> wrote:
> Hi all,
>
> After installing my first bro cluster with one manager and three
> workers, now I need to configure different bpf filters for every bro
> worker.
>
> If I am not worng, I need to put an entry like this:
>
> redef cmd_line_bpf_filter = "ip and port 80 or port 443"; (for example)
>
> under local.bro file on every worker node. Is this correct for Bro 2.2??
>
> Thanks.
Oops, my mistake. I have modified local.bro in one of the workers:
##! Local site policy. Customize as appropriate.
##!
##! This file will not be overwritten when upgrading or reinstalling!
redef PacketFilter::enable_auto_protocol_capture_filters = F;
redef capture_filters = { ["all"] = "ip or not ip" };
redef restrict_filters = { ["not-hosts"] = "not host 10.10.1.15" };
but it doesn't works:
[BroControl] > print restrict_filters
manager restrict_filters = {
}
proxy-1 restrict_filters = {
}
worker-1 restrict_filters = {
}
[BroControl] >
What am I doing wrong??
More information about the Bro
mailing list