[Bro] BPF Filter per log file or framework such as x509, SSL
Ludwig Goon
lagoon7 at gmail.com
Fri Sep 18 01:28:53 PDT 2015
when activating the x509.log or bro script in local.bro, can I configure a
BPF filter to only affect x509 framework? For example I only want to have
events that the dst_host is our DMZ subnet. Can I configure that in the
x509.bro file/framework or some other bro configuration file? If so is this
a local variable called subnet or something?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150918/401f1a2c/attachment.html
More information about the Bro
mailing list