[Oisf-users] Can I use BPF filter file with suricata?

Victor Julien victor at inliniac.net
Fri Mar 18 15:05:48 UTC 2011


On 03/18/2011 01:38 PM, carlopmart wrote:
> Hi all
> 
>   Is it possible to use a bpf filter file with suricata? If not, how can
> I filter out false positives and known activities?
> 
> Thanks.

Yep, suricata -c suricata.yaml -r some.pcap tcp port 80

The "tcp port 80" part is the bpf filter.

Cheers,
Victor

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
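
An added example, not part of the original thread or of Suricata itself: a small shell helper that turns a file of exclusions into the single BPF expression passed on the command line as in the reply above. The file format (one BPF clause per line, '#' comments, each clause naming traffic to exclude), the function name build_bpf and the sample addresses are assumptions made for this illustration.

```shell
#!/bin/sh
# build_bpf FILE
# Join the clauses in FILE into one BPF expression of the form
#   not ((clause 1) or (clause 2) ...)
# Assumed file format (not a Suricata format): one BPF clause per line,
# blank lines and '#' comments ignored, each clause describing traffic
# that should be kept away from the sensor.
# Prints nothing when the file holds no clauses, so the caller can tell
# "no filter" apart from a real expression.
build_bpf() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # strip comments and padding
        $0 == "" { next }                                 # skip empty lines
        { out = out (n++ ? " or " : "") "(" $0 ")" }      # parenthesise each clause
        END { if (n) printf "not (%s)\n", out }
    ' "$1"
}

# Constructed sample input: known, noisy sources on documentation addresses.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# internal vulnerability scanner
host 192.0.2.10

# nightly rsync backups
net 198.51.100.0/24 and tcp port 873
EOF

filter=$(build_bpf "$sample")
rm -f "$sample"
echo "$filter"

# The result goes where "tcp port 80" sits in the reply above, for example:
#   suricata -c suricata.yaml -r some.pcap "$filter"
```

Packets excluded by the BPF expression never reach Suricata's detection engine, so nothing is inspected or logged for them; keep each clause as narrow as the known activity allows.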



