[Oisf-users] Suricata / only public traffic
Victor Julien
victor at inliniac.net
Tue Aug 23 07:14:20 UTC 2011
On 08/22/2011 09:37 PM, rmkml wrote:
> Thanks for the reply Amrith,
> ok, what Suricata version do you use, please?
> could you send a Suricata starting example, please?
>
> First, I tested starting Suricata v1.0.5 on a pcap file with this cmd
> line (without a BPF filter):
> ./suricata -c suricata.yaml -r abc.pcap
> Suricata fills fast.log with the a.b.c.d IP,
> ok, second, I start Suricata again on the same pcap file with a BPF filter
> like this:
> ./suricata -c suricata.yaml -r abc.pcap 'not host a.b.c.d'
> check fast.log and it does NOT contain the a.b.c.d IP.
> Could you test on your side, please?
>
> If I understand correctly, ticket 277 is a feature request for adding a
> new '-b' option containing a BPF filter in a flat file.
We followed snort/tcpdump and use the -F commandline option as well.
It's only in git master currently, though.
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
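The procedure from the thread (run Suricata over a pcap with a BPF exclusion, then confirm the excluded host no longer shows up in fast.log), written out as an added example script; this is not code from the original messages or from the Suricata project. It assumes a Suricata build that has the -F option Victor mentions (git master at the time), a suricata.yaml in the current directory, a pcap path given as the first argument, and that fast.log lines end in the "{PROTO} src:port -> dst:port" layout; the placeholder host a.b.c.d from the thread is replaced by the TEST-NET-1 address 192.0.2.10, and the fast.log sample is constructed here for the offline check, not captured from a real run.

```shell
#!/bin/sh
# Added example (not from the original thread or the Suricata project).
# Writes a BPF filter to a file, runs Suricata over a pcap with that filter via
# -F, and verifies that fast.log contains no alerts involving the excluded host.
# Assumptions: Suricata with -F support, ./suricata.yaml, pcap path in $1.

EXCLUDED_HOST="${EXCLUDED_HOST:-192.0.2.10}"   # stands in for a.b.c.d
LOGDIR="${LOGDIR:-./suri-logs}"
BPF_FILE="${BPF_FILE:-./exclude.bpf}"

# Write a constructed fast.log ($1) in the assumed Suricata fast output layout.
# 192.0.2.100 is included deliberately: a naive substring match for 192.0.2.10
# would hit it, the port-delimited match below must not.
sample_fastlog() {
    cat > "$1" <<'EOF'
08/22/2011-21:37:00.000123  [**] [1:1000001:1] TEST alert one [**] [Classification: Test] [Priority: 2] {TCP} 192.0.2.10:80 -> 10.0.0.5:51234
08/22/2011-21:37:01.000456  [**] [1:1000002:1] TEST alert two [**] [Classification: Test] [Priority: 2] {TCP} 10.0.0.7:44321 -> 192.0.2.10:5800
08/22/2011-21:37:02.000789  [**] [1:1000003:1] TEST alert three [**] [Classification: Test] [Priority: 2] {TCP} 10.0.0.9:80 -> 10.0.0.5:51235
08/22/2011-21:37:03.000111  [**] [1:1000004:1] TEST alert four [**] [Classification: Test] [Priority: 2] {TCP} 192.0.2.100:22 -> 10.0.0.5:51236
EOF
}

# Return 0 if fast.log ($1) has an alert whose source or destination is $2.
# Dots in the address are escaped so they match literally, and the address must
# be followed by ':' so 192.0.2.10 does not match 192.0.2.100.
fastlog_has_host() {
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep -E "[[:space:]]${esc}:[0-9]+ ->|-> ${esc}:[0-9]+\$" "$1" >/dev/null 2>&1
}

# Write the BPF expression to a file and run the thread's command line with -F.
# Passing the expression positionally works too, but it must then be a single
# quoted argument: 'not host 192.0.2.10'.
run_filtered() {   # $1 = pcap
    printf 'not host %s\n' "$EXCLUDED_HOST" > "$BPF_FILE"
    mkdir -p "$LOGDIR"
    suricata -c suricata.yaml -l "$LOGDIR" -r "$1" -F "$BPF_FILE"
}

# Return 0 if the excluded host is absent from fast.log ($1), 1 otherwise.
verify_excluded() {
    if fastlog_has_host "$1" "$EXCLUDED_HOST"; then
        echo "FAIL: $EXCLUDED_HOST still appears in $1"
        return 1
    fi
    echo "OK: no alerts for $EXCLUDED_HOST in $1"
}

# Only touch Suricata when a pcap was given and the binary is on PATH, so the
# helper functions above can be sourced and exercised on their own.
if [ -n "$1" ] && command -v suricata >/dev/null 2>&1; then
    run_filtered "$1" && verify_excluded "$LOGDIR/fast.log"
fi
```

Run it as `sh filter_check.sh abc.pcap`. Two points worth keeping in mind when relying on this: a BPF filter is applied before decoding, so packets it drops are absent from every output, not just fast.log, and `not host X` removes both directions of any flow X takes part in; and an alert line that mentions the host only in its message text rather than in the address tail is not something this check looks for.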