[Oisf-users] Suricata and BPF
Peter Bates
peter.bates at ucl.ac.uk
Wed Jun 20 10:49:51 UTC 2012
Hello all
So, I'm running Suricata from git with PF_RING 5.4.3(revision 5441).
I'm starting with:
suricata --pfring-int=eth6 -c /etc/suricata/suricata.yaml -F /etc/suricata/bpf.check --user suricata --group suricata
The file 'bpf.check' just contains:
icmp
but I'm seeing logs and alerts on plenty of other traffic.
Do the PF_RING options (including bpf filter) only take from
suricata.yaml? Is '-F' purely for pcap capturing?
Thanks.
--
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
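One way to turn the observation in the post ("the filter file says icmp, yet alerts show other traffic") into a repeatable check is to scan fast.log for the transport protocol of each alert and compare it with what the BPF filter should have let through. This is an added example, not code from the post or from the Suricata project; the fast.log lines are constructed samples and the sig IDs are placeholders.

```python
"""Verify that a single-keyword BPF capture filter is actually being honoured
by checking which transport protocols appear in Suricata's fast.log.
If bpf.check contains only 'icmp', any TCP/UDP alert means the filter was
not applied on the capture path in use.  Added example; log lines constructed."""
import re
from collections import Counter

# fast.log places the transport protocol in braces before the address pair:
# "... [Priority: 2] {TCP} 10.0.0.5:51000 -> 10.0.0.9:1433"
FAST_LOG_PROTO = re.compile(r"\{(?P<proto>[A-Za-z0-9-]+)\}\s+\S+\s+->\s+\S+\s*$")

# Protocols a single-keyword BPF primitive permits through the capture.
BPF_KEYWORD_PROTOCOLS = {"icmp": {"ICMP"}, "tcp": {"TCP"}, "udp": {"UDP"}}


def protocols_in_log(lines):
    """Count alerts per transport protocol; lines that do not parse are skipped."""
    counts = Counter()
    for line in lines:
        m = FAST_LOG_PROTO.search(line)
        if m:
            counts[m.group("proto").upper()] += 1
    return counts


def filter_violations(bpf_expr, lines):
    """Return {protocol: alert_count} for alerts the filter should have excluded.
    Only single-keyword filters (as in the post's bpf.check) are understood;
    any other expression is treated as 'allow all' so nothing is falsely flagged."""
    allowed = BPF_KEYWORD_PROTOCOLS.get(bpf_expr.strip().lower())
    if allowed is None:
        return {}
    return {p: n for p, n in protocols_in_log(lines).items() if p not in allowed}


SAMPLE_FAST_LOG = [  # constructed sample alerts, placeholder sig IDs
    "06/20/2012-10:40:01.000001  [**] [1:1000001:1] LOCAL test icmp echo [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.9",
    "06/20/2012-10:40:02.000002  [**] [1:1000002:1] LOCAL test tcp to 1433 [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.5:51000 -> 10.0.0.9:1433",
    "06/20/2012-10:40:03.000003  [**] [1:1000003:1] LOCAL test udp broadcast [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} 10.0.0.5:17500 -> 10.0.0.255:17500",
]

if __name__ == "__main__":
    bad = filter_violations("icmp", SAMPLE_FAST_LOG)
    print("filter honoured" if not bad else f"filter NOT honoured, unexpected: {bad}")
```

Point the script at the real fast.log to see whether the `-F` filter reaches the pf_ring capture at all, or only the pcap path.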