[Oisf-users] Can I use BPF filter file with suricata?

carlopmart carlopmart at gmail.com
Fri Mar 18 15:39:49 UTC 2011


On 03/18/2011 04:36 PM, Victor Julien wrote:
> On 03/18/2011 04:27 PM, carlopmart wrote:
>> On 03/18/2011 04:05 PM, Victor Julien wrote:
>>> On 03/18/2011 01:38 PM, carlopmart wrote:
>>>> Hi all
>>>>
>>>>     Is it possible to use a bpf filter file with suricata? If not, how can
>>>> I filter out false positives and known activities??
>>>>
>>>> Thanks.
>>>
>>> Yep, suricata -c suricata.yaml -r some.pcap tcp port 80
>>>
>>> The "tcp port 80" part is the bpf filter.
>>>
>>> Cheers,
>>> Victor
>>>
>>
>> Thanks Julien .. But is it possible to pass bpf options in a file or only
>> on the command line??
>>
>>
>
> Oh sorry, missed that part of your question. Afaik currently we only
> support the command line. What can we do to improve?
>

IMHO it is best to use a file instead of the command line ...

-- 
CL Martinez
carlopmart {at} gmail {d0t} com
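Until a file option exists, the usual workaround for "command line only" is to keep the filter in a file and expand it into the argument Suricata already accepts, as Victor's `suricata -c suricata.yaml -r some.pcap tcp port 80` shows. The following shell helper is an added example, not code from the thread or from the Suricata project; the file format (one clause per line, `#` comments allowed, clauses joined with `and`) and the sample address are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): build one BPF expression from a
# filter file so it can be passed to Suricata on the command line, which is
# what the version discussed above supports. The file format (one clause
# per line, '#' comments allowed) and the joining operator are assumptions.

# bpf_from_file FILE [OPERATOR]
# Prints a single BPF expression: comment and blank lines are dropped,
# each remaining line is parenthesised, and the clauses are joined with
# OPERATOR (default "and").
bpf_from_file() {
    file=$1
    op=${2:-and}
    expr=""
    while IFS= read -r line || [ -n "$line" ]; do
        # strip trailing comments and surrounding whitespace
        line=${line%%#*}
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        if [ -z "$line" ]; then
            continue
        fi
        if [ -z "$expr" ]; then
            expr="($line)"
        else
            expr="$expr $op ($line)"
        fi
    done < "$file"
    printf '%s\n' "$expr"
}

# Constructed sample filter file: keep only web traffic and exclude a host
# whose activity is known and would otherwise produce false positives
# (192.0.2.10 is a documentation address used as a placeholder).
write_sample_filter() {
    cat > "$1" <<'EOF'
# clauses are combined with "and"
tcp port 80 or tcp port 443   # only web traffic
not host 192.0.2.10           # known activity, excluded as a false positive
EOF
}

# Usage with Suricata (not executed here):
#   suricata -c suricata.yaml -r some.pcap "$(bpf_from_file filter.bpf)"
```

The double quotes around the command substitution matter: the whole expression must reach Suricata as one argument, otherwise the shell splits it into words. Before pointing Suricata at the file it is worth checking that the expression compiles, for example with `tcpdump -d -r some.pcap "$(bpf_from_file filter.bpf)"`, which dumps the compiled filter and exits without reading traffic; a syntax error in the file shows up there rather than in a Suricata startup failure.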