List:
I am trying to get bro (9a8) to capture http events that are not coming over port 80/tcp as well as several other ports.
http-request.bro:
“not tcp dst port 80 and not tcp dst port 8080”
However, bro seems to be only reading one filter and not the second part of filter.
Thoughts,
Jake Babbin