[Oisf-users] Suricata and BPF filters
Peter Bates
peter.bates at ucl.ac.uk
Wed May 30 08:05:04 UTC 2012
Hello all
On 30/05/2012 08:36, Peter Manev wrote:
> Out of curiosity, if you try: suricata -c /etc/suricata/suricata.yaml -i eth6 -F /etc/suricata/bpf
I'm presuming not, based on previous discussions on the list - you can
also see 'bpf-filter' in suricata.yaml for PF_RING and PCAP.
I was explicitly trying to use AF_PACKET for performance and to try
the zero copy mode:
https://home.regit.org/2012/02/using-af_packet-zero-copy-mode-in-suricata/
The BPF was mostly to exclude a proportion of traffic, but if I can
make the sensor cope with the traffic, the BPF is not so useful - the next
step obviously would be to try PF_RING.
--
Peter Bates
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
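The message passes an exclusion filter to Suricata through `-F /etc/suricata/bpf` (or, for the PCAP and PF_RING capture methods, the `bpf-filter` key in suricata.yaml). A filter that does not compile stops the sensor from starting, and one that compiles but is broader than intended silently blinds it, so it is worth assembling and compile-checking the expression before the sensor loads it. The script below is an added example, not code from the thread or from the Suricata project; it assumes tcpdump (libpcap) is installed for the compile check and skips that check otherwise, and the nets and hosts it excludes are constructed values.

```shell
#!/bin/sh
# Added example (not from the thread): build a BPF exclusion expression for
# Suricata's -F <file> option and have libpcap compile-check it first.
# Assumes tcpdump is installed; the check reports "skipped" without it.

# Build "not (net A or host B ...)" from CIDR nets and single addresses.
# Prints the expression; returns 1 when no nets/hosts were given, because
# "not ()" would be rejected by libpcap anyway.
bpf_exclude_expr() {
    [ "$#" -gt 0 ] || return 1
    terms=""
    for item in "$@"; do
        case "$item" in
            */*) term="net $item" ;;   # CIDR notation -> net
            *)   term="host $item" ;;  # bare address   -> host
        esac
        if [ -z "$terms" ]; then
            terms="$term"
        else
            terms="$terms or $term"
        fi
    done
    printf 'not (%s)\n' "$terms"
}

# Compile the expression against an empty Ethernet pcap so libpcap validates
# the syntax for link type 1 without opening an interface (no root needed).
# Returns 0 if it compiles, 1 if libpcap rejects it, 2 if tcpdump is missing.
bpf_check() {
    expr="$1"
    command -v tcpdump >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 2
    # 24-byte pcap global header: magic a1b2c3d4 (little-endian), version 2.4,
    # thiszone 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet); no packets.
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$tmp"
    if tcpdump -r "$tmp" -d "$expr" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Write the expression to the file later handed to Suricata with -F.
# Assumption: one expression per file. Refuses to write a filter that
# libpcap rejected, so the sensor never starts with a broken file.
bpf_write_file() {
    file="$1"; expr="$2"
    rc=0; bpf_check "$expr" || rc=$?
    if [ "$rc" -eq 1 ]; then
        echo "refusing to write $file: filter does not compile" >&2
        return 1
    fi
    printf '%s\n' "$expr" > "$file"
}

# Demo with constructed values: a backup net and one management host to exclude.
demo_expr=$(bpf_exclude_expr 10.10.0.0/16 192.0.2.44)
echo "filter: $demo_expr"
bpf_check "$demo_expr" && echo "filter compiles" \
    || echo "check returned $? (1 = rejected by libpcap, 2 = tcpdump missing, skipped)"
```

To use it for the setup in the message, call `bpf_write_file /etc/suricata/bpf "$demo_expr"` and then start Suricata with `-F /etc/suricata/bpf`; for the PCAP and PF_RING runmodes the same expression goes into the `bpf-filter` key instead. The compile check against an empty capture file is the cheapest way to catch a typo in the expression, but it says nothing about how much traffic the exclusion actually removes; that still has to be measured on the sensor.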