<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 10pt;
font-family:Tahoma
}
--></style>
</head>
<body class='hmmessage'><div dir='ltr'>
Yes. This is the last line of fast.log : <br><br>08/30/2011-11:00:01.219120  [**] [1:366:7] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 172.18.5.10:8 -> 172.18.8.6:0<br><br>Thx Victor.<br><br><div>> Date: Tue, 30 Aug 2011 11:07:34 +0200<br>> From: victor@inliniac.net<br>> To: oisf-users@openinfosecfoundation.org<br>> Subject: Re: [Oisf-users] Suricata / only public trafic<br>> <br>> On 08/30/2011 11:03 AM, Amrith Z wrote:<br>> > <br>> > Thx for answering!<br>> > <br>> > <br>> > <br>> > I changed the bpf filter the way you said it, and I have still logs from my internal network.<br>> <br>> Can you post an alert from the fast.log?<br>> <br>> Regards,<br>> Victor<br>> <br>> -- <br>> ---------------------------------------------<br>> Victor Julien<br>> http://www.inliniac.net/<br>> PGP: http://www.inliniac.net/victorjulien.asc<br>> ---------------------------------------------<br>> <br>> _______________________________________________<br>> Oisf-users mailing list<br>> Oisf-users@openinfosecfoundation.org<br>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users<br></div>                                    </div></body>
</html>