Capture Filters BPF

Started by dcol, October 07, 2019, 11:49:27 PM

Is there any way to set up Capture Filters (BPF) in Suricata? Or is that something that has to be added to the code?
I would like to ignore some hosts.

See here.
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html
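Added example (not from this thread or the Suricata project) showing the two places the linked doc describes for a BPF capture filter: the `bpf-filter` key in the capture-method section of suricata.yaml, and the command line. Interface names, addresses and the netmap section are placeholders/assumptions for illustration.

```yaml
# Added example, not from the thread or from Suricata itself.
# Capture-method section of suricata.yaml; interface and hosts are placeholders.
af-packet:
  - interface: eth0
    # BPF in pcap filter syntax, applied by the capture layer before inspection:
    # packets to/from these hosts never reach the rules, alerts or EVE logs.
    bpf-filter: "not host 192.0.2.10 and not host 192.0.2.11"

# Assumption: the same key on the netmap capture method (what OPNsense uses),
# for a suricata.yaml edited by hand rather than generated by the GUI.
netmap:
  - interface: igb0
    # Exclude a whole management subnet instead of single hosts.
    bpf-filter: "not net 192.0.2.0/24"
```

The same expression can also be appended to the command line (`suricata -i eth0 not host 192.0.2.10`) or read from a file with `-F <file>`. Check afterwards that the excluded hosts are really ones you never want alerts for, since they vanish from alerts and stats entirely rather than just from specific rules.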

Reawakening a very old thread, but, I was also curious if anyone set up the BPF Filter for Suricata on OPNSense?

Example Suricata Docs on BPF filtering specific to its inspection:
https://docs.suricata.io/en/latest/performance/ignoring-traffic.html

While I have compiled and run my own Suricata, I did so on Ubuntu, so the difference between FreeBSD and Ubuntu and how the share inspect pf ring or otherwise gets created is unknown to me.

Haven't found how to filter that way (not modifying N+ IDS rules is ideal), but, it might just be because I don't know where to look. Any help appreciated!!
Custom: ASRock 970 Extreme3 R2.0 / AMD FX-8320E / 32 GB DDR3 1866 / X520 & I350 / 500GB SATA