[Oisf-users] Suricata and BPF
Peter Bates
peter.bates at ucl.ac.uk
Wed Jun 20 11:04:39 UTC 2012
Hello all

On 20/06/2012 11:49, Peter Bates wrote:
> Do the PF_RING options (including bpf filter) only take from
> suricata.yaml? Is '-F' purely for pcap capturing?

Apologies, me being dumb.

    suricata --pfring -c /etc/suricata/suricata.yaml

reads the interfaces configuration from suricata.yaml (as the output
from -h clearly says) and honours

    bpf-filter

set in the pf_ring section.

If you use -F at the same time they seem to cancel each other out and
you end up capturing nothing.
- --
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
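Added example, not part of the original post and not Suricata's own code: a pre-flight check for the situation the post reports, where a bpf-filter set in the PF_RING section of suricata.yaml is combined with -F on the command line and the sensor ends up capturing nothing. The YAML excerpt, the file name capture.bpf and the function names are constructed for illustration; the section key is assumed to be "pfring:", and the reader is a simple line-based one, not a full YAML parser.

```python
import re

# Constructed suricata.yaml excerpt for this example (not from the original post).
SAMPLE_YAML = """\
%YAML 1.1
---
af-packet:
  - interface: eth0
    bpf-filter: port 80
pfring:
  - interface: eth1
    threads: 1
    cluster-id: 99
    #bpf-filter: tcp
    bpf-filter: not host 192.0.2.10
  - interface: eth2
pcap:
  - interface: eth3
"""

ENTRY = re.compile(r"\s+(?:-\s+)?([\w-]+):\s*(.*)")

def pfring_bpf_filters(yaml_text):
    """Map interface -> bpf-filter for entries under the top-level pfring: key."""
    filters, in_pfring, iface = {}, False, None
    for raw in yaml_text.splitlines():
        line = re.sub(r"(^|\s+)#.*$", "", raw).rstrip()  # drop comments
        if not line:
            continue
        if not line[0].isspace():          # unindented line: a new top-level key
            in_pfring = line.startswith("pfring:")
            continue
        m = ENTRY.match(line) if in_pfring else None
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip("'\"")
        if key == "interface":
            iface = value
        elif key == "bpf-filter" and value:
            filters[iface or "(unknown)"] = value
    return filters

def conflicting_interfaces(argv, yaml_text):
    """Interfaces with a pfring bpf-filter while -F is also given with --pfring."""
    if "-F" in argv and any(a.startswith("--pfring") for a in argv):
        return sorted(pfring_bpf_filters(yaml_text))
    return []

if __name__ == "__main__":
    cmd = ["suricata", "--pfring", "-c", "suricata.yaml", "-F", "capture.bpf"]
    for nic in conflicting_interfaces(cmd, SAMPLE_YAML):
        print(f"{nic}: bpf-filter in suricata.yaml and -F both set; pick one")
```

Running a check like this before starting the sensor catches the combination before it becomes a silent gap in capture.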