[Oisf-users] Can I use BPF filter file with suricata?
Victor Julien
victor at inliniac.net
Fri Mar 18 15:42:11 UTC 2011
On 03/18/2011 04:39 PM, carlopmart wrote:
> On 03/18/2011 04:36 PM, Victor Julien wrote:
>> On 03/18/2011 04:27 PM, carlopmart wrote:
>>> On 03/18/2011 04:05 PM, Victor Julien wrote:
>>>> On 03/18/2011 01:38 PM, carlopmart wrote:
>>>>> Hi all
>>>>>
>>>>> Is it possible to use a bpf filter file with suricata? If not, how can
>>>>> I filter out false positives and known activities??
>>>>>
>>>>> Thanks.
>>>>
>>>> Yep, suricata -c suricata.yaml -r some.pcap tcp port 80
>>>>
>>>> The "tcp port 80" part is the bpf filter.
>>>>
>>>> Cheers,
>>>> Victor
>>>>
>>>
>>> Thanks Julien .. But it is posible to pass bpf options in a file or only
>>> on command line??
>>>
>>>
>>
>> Oh sorry, missed that part of your question. Afaik currently we only
>> support the command line. What can we do to improve?
>>
>
> IMHO is best to use a file instead of via command line ...
>
How would this work? A text file with a single expression?
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list