[Oisf-users] BPF Filter in af-packet Suricata 5.0.1
Tiago Faria
tiago.faria.backups at gmail.com
Fri Jan 10 00:56:02 UTC 2020
Hi list,
I wanted to first check here before going into Redmine, but it appears that
Suricata 5.0.1 is not processing/accepting "bpf-filter: <file>" under
af-packet.
Section of suricata.yaml:
af-packet:
  - cluster-id: 1
    cluster-type: cluster_flow
    interface: enp2s0
    threads: auto
    tpacket-v3: 'yes'
    use-mmap: 'yes'
    bpf-filter: '/etc/suricata/capture-filter.bpf'
The content of capture-filter.bpf:
not host 1.1.1.1 and
not host 2.2.2.2
As far as I could tell from the documentation both the content of the file
and the yaml configuration should be OK.
Any pointers?
Thank you.
T