[Oisf-users] Suricata / only public trafic

Victor Julien victor at inliniac.net
Wed Aug 31 09:01:49 UTC 2011


I just tested it and it works fine for me. During startup I have the
following message:

[16395] 31/8/2011 -- 10:56:30 - (source-pcap.c:459) <Info>
(ReceivePcapThreadInit) -- using bpf-filter "not net 192.168.0.0/16"

Can you confirm you have a similar message?

Also, what versions of Suricata and libpcap are you using?

Cheers,
Victor

On 08/30/2011 01:44 PM, Amrith Z wrote:
> 
> Yes. This is the last line of fast.log:
> 
> 08/30/2011-11:00:01.219120  [**] [1:366:7] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 172.18.5.10:8 -> 172.18.8.6:0
> 
> Thx Victor.
> 
>> Date: Tue, 30 Aug 2011 11:07:34 +0200
>> From: victor at inliniac.net
>> To: oisf-users at openinfosecfoundation.org
>> Subject: Re: [Oisf-users] Suricata / only public trafic
>>
>> On 08/30/2011 11:03 AM, Amrith Z wrote:
>>>
>>> Thx for answering!
>>>
>>>
>>>
>>> I changed the bpf filter the way you said, and I still have logs from my internal network.
>>
>> Can you post an alert from the fast.log?
>>
>> Regards,
>> Victor
>>
>> -- 
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
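
Added example, not part of the original thread: a check of whether the quoted fast.log alert has an endpoint inside the network excluded by the quoted bpf-filter. It assumes the filter consists only of `not net <cidr>` terms joined by `and`; the helper names are hypothetical.

```python
import ipaddress
import re

# Both values are copied from the messages in this thread.
BPF_FILTER = "not net 192.168.0.0/16"
FAST_LOG_LINE = (
    "08/30/2011-11:00:01.219120  [**] [1:366:7] GPL ICMP_INFO PING *NIX [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 172.18.5.10:8 -> 172.18.8.6:0"
)

# Matches the "{PROTO} src:port -> dst:port" tail of an IPv4 fast.log entry.
# For ICMP the "port" fields carry the ICMP type and code.
ENDPOINTS = re.compile(
    r"\{[^}]+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+):\d+\s+->\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):\d+"
)


def excluded_networks(bpf):
    """Networks named by 'not net <cidr>' terms (assumption: no other syntax)."""
    return [ipaddress.ip_network(c) for c in re.findall(r"not\s+net\s+([\d./]+)", bpf)]


def alert_endpoints(line):
    """Return (src, dst) addresses of a fast.log alert line."""
    m = ENDPOINTS.search(line)
    if m is None:
        raise ValueError("no IPv4 endpoint pair found in line")
    return ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])


def filter_drops(bpf, line):
    """True if the packet behind this alert would be rejected by the filter.

    'net X' matches when either source or destination is inside X, so
    'not net X' rejects a packet as soon as one endpoint falls in X.
    """
    src, dst = alert_endpoints(line)
    return any(src in net or dst in net for net in excluded_networks(bpf))


if __name__ == "__main__":
    src, dst = alert_endpoints(FAST_LOG_LINE)
    print("endpoints:", src, dst, "private:", src.is_private, dst.is_private)
    print("dropped by filter:", filter_drops(BPF_FILTER, FAST_LOG_LINE))
    # Constructed filter that also names 172.16.0.0/12, for comparison.
    wider = "not net 192.168.0.0/16 and not net 172.16.0.0/12"
    print("dropped by wider filter:", filter_drops(wider, FAST_LOG_LINE))
```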