[Bro] Proper syntax for ignoring subnet to subnet traffic
Seth Hall
hall.692 at osu.edu
Thu Mar 11 13:07:44 PST 2010
On Mar 11, 2010, at 3:10 PM, Mathew Binkley wrote:
> Thanks Seth. A slightly different question: how do I ignore traffic
> between hosts in a particular subnet? I want to ignore all chatter
> between machines in my cluster, and simply examine traffic between the
> cluster and the world.
I would do something similar to the earlier filter...
redef restrict_filters += {
	["ignore_internal"] = "not (src net 1.2.3.0/24 and dst net 1.2.3.0/24)"
};
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
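
Added example (not part of Seth Hall's message and not code from the Bro project): a Python sketch that builds the same filter expression for one or more subnets and models which IPv4 packets it still lets Bro see. The function names, the sample addresses and the choice to keep traffic that crosses between two different listed subnets are assumptions of this example.

```python
import ipaddress


def build_filter(subnets):
    """BPF expression that drops packets whose source and destination both
    fall inside the same listed subnet (same shape as the filter above)."""
    clauses = []
    for cidr in subnets:
        # strict=True rejects host bits (e.g. 1.2.3.4/24); libpcap also
        # refuses such a "net" argument, so catch it before deploying.
        net = ipaddress.ip_network(cidr, strict=True)
        if net.version != 4:
            raise ValueError("this sketch handles IPv4 only")
        clauses.append(f"not (src net {net} and dst net {net})")
    return " and ".join(clauses)


def is_captured(src, dst, subnets):
    """Model the filter for one IPv4 packet: True if it is still captured."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(c, strict=True) for c in subnets]
    return not any(s in n and d in n for n in nets)


def bro_redef(name, subnets):
    """Render the redef statement in the form used in the message above."""
    return ('redef restrict_filters += {\n\t["%s"] = "%s"\n};'
            % (name, build_filter(subnets)))


CLUSTER = ["1.2.3.0/24"]

# Constructed sample flows (198.51.100.7 is a documentation address).
SAMPLE_FLOWS = [
    ("1.2.3.10", "1.2.3.20"),      # node to node: ignored
    ("1.2.3.10", "1.2.3.255"),     # subnet broadcast: ignored
    ("1.2.3.10", "198.51.100.7"),  # cluster to world: captured
    ("198.51.100.7", "1.2.3.10"),  # world to cluster: captured
    ("1.2.3.10", "224.0.0.251"),   # multicast from a node: still captured
]

if __name__ == "__main__":
    print(bro_redef("ignore_internal", CLUSTER))
    for src, dst in SAMPLE_FLOWS:
        verdict = "captured" if is_captured(src, dst, CLUSTER) else "ignored"
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

Multicast sent by cluster nodes has a destination outside the subnet, so this filter does not suppress it.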