Suricata

Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 -F /etc/nsm/qa-eth0/bpf.conf -l /nsm/sensor_data/qa-eth0

Suricata starts but there is no log entry confirming the BPF filter and Suricata still alerts on traffic from my IP addresses in the BPF.

If I change "--af-packet=eth0" to "-i eth0", then I see "BPF filter set from command line or via old 'bpf-filter' option" in the log and everything works properly.

IRC conversation:
VictorJ
hmm
thinking about it, I don't think we support bpf for afpacket at all
do we Regit ?

8:59
Regit
VictorJ: no it's not implemented
9:00
VictorJ
9:00
securityonion, so I guess we need a feature ticket