[Snort-users] Daemonlogger and BPF

Randal T. RIoux randy at ...13561...
Mon Jun 7 00:15:07 EDT 2010


I have a question about the file format for bpf filtering with Daemonlogger.

The syntax isn't described anywhere. However, this is what I know.

"port 80 and port 8080" works fine for the -f command line inclusion.

"port 80 and port 8080 and port 8181" throws this error:

    expression rejects all packets

So, I guess my question really is: what is the proper formatting/syntax 
for BPF usage in Daemonlogger?

Thanks!
Randy
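
An added example, not part of the original post: Daemonlogger hands the filter to libpcap, so the syntax is the one documented in pcap-filter(7), where `port N` is true when either the source or the destination port equals N. The sketch below models only `port N` primitives joined by `and`/`or` (equal precedence, evaluated left to right) and shows why three ANDed ports can never match while the `or` form can. The function names and the sample port pairs are constructed for illustration.

```python
from itertools import product

UNNAMED = -1  # stand-in for "any port the filter does not mention"

def parse(expr):
    """Parse 'port N (and|or port N)*' into ([ports], [operators])."""
    words = expr.split()
    if not words:
        raise ValueError("empty filter")
    ports, ops, i = [], [], 0
    while i < len(words):
        if words[i] != "port" or i + 1 >= len(words):
            raise ValueError("expected 'port N' at word %d" % i)
        ports.append(int(words[i + 1]))
        i += 2
        if i < len(words):
            if words[i] not in ("and", "or") or i + 1 >= len(words):
                raise ValueError("expected 'and'/'or' followed by a primitive")
            ops.append(words[i])
            i += 1
    return ports, ops

def matches(expr, sport, dport):
    """Evaluate the filter against one packet's source/destination ports."""
    ports, ops = parse(expr)
    result = ports[0] in (sport, dport)
    for op, port in zip(ops, ports[1:]):
        hit = port in (sport, dport)
        result = (result and hit) if op == "and" else (result or hit)
    return result

def satisfiable(expr):
    """True if at least one (sport, dport) pair can match the filter.

    Trying every named port plus one unnamed port is exhaustive, because
    all unnamed ports behave identically under 'port N' tests.
    """
    ports, _ = parse(expr)
    candidates = set(ports) | {UNNAMED}
    return any(matches(expr, s, d) for s, d in product(candidates, repeat=2))

if __name__ == "__main__":
    for f in ("port 80 and port 8080",
              "port 80 and port 8080 and port 8181",
              "port 80 or port 8080 or port 8181"):
        print("%-40s satisfiable=%s" % (f, satisfiable(f)))
```

A packet carries only two ports, so the two-port `and` form is accepted but matches only traffic between port 80 and port 8080; capturing traffic on any of the three ports needs `or`.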



