[Bro] Bro Intel framework - filter out
Seth Hall
seth at icir.org
Mon Jan 19 07:19:51 PST 2015
> On Jan 18, 2015, at 6:31 PM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
>
> There’s probably other, possibly even better, ways to do it, but this works for me.
FWIW, there is the exclude function in the packet filter framework.
event bro_init()
{
PacketFilter::exclude(“ignore this stuff”, "net 10.0.0.1/24 or host 10.1.2.3”);
}
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list