[Bro] Ignoring hosts or ranges?
JAzoff at albany.edu
Tue Mar 6 08:07:24 PST 2012
On Tue, Mar 06, 2012 at 09:23:43AM -0600, relevant username wrote:
> I was wondering what the best way to ignore certain hosts or ranges would be.
> I found some documentation from 2004 on this, but it doesn't look like it's
> applicable any more.
Give something like this a try:
redef PacketFilter::all_packets = F; # don't capture all packets
redef capture_filters = [["all"] = "ip or not ip"];
redef restrict_filters += [["not-scanners"] = "not host 192.168.1.100 and not host 192.168.2.100"];
-- Justin Azoff
-- Network Security & Performance Analyst
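Added example, not part of the original post and not code from the Bro project: the question asks about ranges as well as hosts, so this Python helper builds the restrict_filters line from a list of hosts and CIDR ranges, validating each entry so that a typo or stray BPF keyword cannot silently change what gets captured. The function names and the 10.20.0.0/16 range are constructed for illustration; it emits "not (A or B)", which is equivalent to the "not A and not B" form used above.

```python
import ipaddress


def bpf_term(entry):
    """Return the BPF primitive ("host X" or "net X/len") for one entry."""
    entry = entry.strip()
    if "/" in entry:
        # strict=True rejects ranges with host bits set, e.g. 192.168.1.100/24
        net = ipaddress.ip_network(entry, strict=True)
        if net.num_addresses == 1:
            return f"host {net.network_address}"
        return f"net {net.with_prefixlen}"
    # ip_address() raises ValueError on anything that is not a bare address,
    # so extra BPF such as "1.2.3.4 or port 22" never reaches the filter.
    return f"host {ipaddress.ip_address(entry)}"


def ignore_filter(entries):
    """Build one BPF expression that excludes every listed host or range."""
    terms = []
    for entry in entries:
        term = bpf_term(entry)
        if term not in terms:          # drop duplicates, keep input order
            terms.append(term)
    if not terms:
        raise ValueError("ignore list is empty")
    return "not (" + " or ".join(terms) + ")"


def redef_line(name, entries):
    """Format the Bro redef statement for the given filter name (hypothetical helper)."""
    if not name.replace("-", "").replace("_", "").isalnum():
        raise ValueError(f"unsafe filter name: {name!r}")
    return f'redef restrict_filters += [["{name}"] = "{ignore_filter(entries)}"];'


if __name__ == "__main__":
    # Hosts from the post plus one constructed range.
    print(redef_line("not-scanners",
                     ["192.168.1.100", "192.168.2.100", "10.20.0.0/16"]))
```

The expression it produces can be checked before deployment with `tcpdump -d '<expression>'`, which compiles the filter without capturing any traffic.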