[Bro] Ignoring hosts or ranges?
relevant username
relevantusername at gmail.com
Tue Mar 6 07:23:43 PST 2012
I was wondering what the best way to ignore certain hosts or ranges would
be. I found some documentation from 2004 on this, but it doesn't look like
it's applicable any more.
The reason for this is that we're working to extract certain data from the
connection log but our network scanners are creating a lot of entries in
conn.log that we don't care about. We can of course filter this all out
after it's in the log, but for the sake of simplicity I was hoping there
would be a way to do this in bro.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120306/893a6107/attachment.html
More information about the Bro
mailing list