[Bro] Exclude IPS
McMahon, Kevin J
kmcmahon at mitre.org
Tue Nov 18 09:43:01 PST 2014
redef restrict_filters += [["blockedIPs"] = "not net 192.168.1.0/24"];
I think you may need to also include: redef PacketFilter::all_packets = F; I have both of these statements in my config, but I put them in there a long time ago.
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Ioannis.PSAROUDAKIS at ec.europa.eu
Sent: Tuesday, November 18, 2014 12:07 PM
To: bro at bro.org
Subject: [Bro] Exclude IPS
Hi All,
I am running the latest version of Bro and I would like to exclude (not at all log) events from specific IPs.
Can someone provide me with a link/info on how to do this?
Thnx for your time.
Regards
Ioannis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141118/45b770fd/attachment.html
More information about the Bro
mailing list