[Bro] Exclude IPS - only src ip
김희철
hckim at narusec.com
Mon Dec 15 03:08:15 PST 2014
Hi,
I used to filter an IP by adding this command to local.bro:
redef restrict_filters = { ["not-hosts"] = "not host X.X.X.X" };
but now I want to filter out only src_ip (in Bro, id.orig_h).
I tried:
redef restrict_filters = { ["not-nets"] = "not src net X.X.X.X" };
redef restrict_filters = { ["not-nets"] = "!src net X.X.X.X" };
redef restrict_filters = { ["not-nets"] = "not(src net X.X.X.X)" };
but it does not filter the IP I want from src_ip.
Is there a way to filter out only a src_ip?
Thank you