[Bro] Exclude IPS
김희철
hckim at narusec.com
Tue Nov 18 16:54:52 PST 2014
Hi
I have exclude IP using these command
local.bro:
redef PacketFilter::enable_auto_protocol_capture_filters = F;
redef capture_filters = { ["all"] = "ip or not ip" };
local-worker.bro:
redef restrict_filters = { ["not-hosts"] = "not host X.X.X.X" };
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141119/b60beb06/attachment.html
More information about the Bro
mailing list