[Bro] Exclude IPS

김희철 hckim at narusec.com
Wed Nov 19 21:55:20 PST 2014


Hi Seth
Thank you

I put
redef restrict_filters = { ["not-hosts"] = "not host X.X.X.X" };
in local.bro and it worked. Very simple one-liner.

Thanks



On Wed, Nov 19, 2014 at 11:09 PM, Seth Hall <seth at icir.org> wrote:

>
> > On Nov 18, 2014, at 7:54 PM, 김희철 <hckim at narusec.com> wrote:
> >
> > redef PacketFilter::enable_auto_protocol_capture_filters = F;
> >
> > redef capture_filters = { ["all"] = "ip or not ip" };
> >
> >
> > local-worker.bro:
> >
> > redef restrict_filters = { ["not-hosts"] = "not host X.X.X.X" };
>
> Hi Hichul!
>
> You could actually simplify this all by just putting that last line in
> local.bro.  The rest aren't necessary.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>