[Bro] Bro restrict filters question
Edgmand, Craig
craig.edgmand at okstate.edu
Tue Jun 13 07:59:18 PDT 2017
Hello,
I am running Bro 2.5 and I am trying to set up some restrict_filters to drop certain hosts and types of traffic.
I have the following entries in my local.bro..
redef PacketFilter::enable_auto_protocol_capture_filters = F;
redef capture_filters = { ["packets-like-this"] = "ip or not ip" };
redef restrict_filters = { ["no-data-like-this"] = "not host 192.168.2.1" };
I had something similar in earlier versions of Bro that seemed to work but this doesn't work at all.
When I run ./broctl print restrict_filters it shows that the workers have that filter.
Any ideas?
Thanks,
Craig Edgmand
Oklahoma State University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170613/b6b679e1/attachment.html
More information about the Bro
mailing list