[Bro] General Whitelisting IP's or Domains

Alex Kefallonitis al.kefallonitis at gmail.com
Thu Nov 29 09:34:45 PST 2018


Hi and thanks for the response

I want to be able to apply the whitelist in all of the above as a generic
solution when something is spamming or hits as a false positive. So is there
any generic solution?

Thanks in advance,
Alex Kefallonitis

On Thu, 29 Nov 2018 at 7:30 PM, Azoff, Justin S <
jazoff at illinois.edu> wrote:

> > Is there a generic way to whitelist certain IP's/Subnets or Domains in
> > local.bro for the whole Bro configuration as not to produce logs and/or
> > notices.
> >
> > For e.g. whitelist 8.8.8.8 or google.com?
>
> It depends.. if you wanted to ignore ALL traffic to 8.8.8.8 you could add
> this:
>
>     redef restrict_filters += [ ["not-google-dns"] = "not (host 8.8.8.8)" ];
>
> Ignoring a 'google.com' is possible as well, but a little more involved
> since it could appear in dns, ssl, or http logs.  Is there a particular
> kind of log that you are seeing domains in that you want to ignore, or all
> of the above?
>
> --
> - Justin
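
Added example, not part of the thread and not code from either poster: one way to combine the quoted restrict_filters approach for hosts and subnets with per-log predicates for a domain in dns, http and ssl logs. It assumes the Bro 2.6 script API; the subnet 192.0.2.0/24, the domain pattern and all function and filter names are illustrative assumptions.

```bro
# Added example, not from the thread. Written for Bro 2.6 (script API of that
# release). The subnet, the domain pattern and the names are assumptions.
@load base/protocols/dns
@load base/protocols/http
@load base/protocols/ssl

# Hosts/subnets: BPF restriction, same form as the reply's one-liner.
# Packets to or from the excluded addresses never reach Bro, so that
# traffic cannot produce a log entry or a notice.
redef restrict_filters += [
    ["whitelist-nets"] = "not (host 8.8.8.8 or net 192.0.2.0/24)"
];

# Domains: google.com and any subdomain. "==" is an exact (anchored) match,
# so a name such as notgoogle.com does not match.
const whitelisted_domains = /(.*\.)?google\.com/ &redef;

function is_whitelisted(name: string): bool
    {
    return whitelisted_domains == to_lower(name);
    }

# Log predicates: returning F keeps the record out of the log.
function dns_keep(rec: DNS::Info): bool
    {
    return !(rec?$query && is_whitelisted(rec$query));
    }

function http_keep(rec: HTTP::Info): bool
    {
    return !(rec?$host && is_whitelisted(rec$host));
    }

function ssl_keep(rec: SSL::Info): bool
    {
    return !(rec?$server_name && is_whitelisted(rec$server_name));
    }

# Low priority so the streams and their stock filters already exist.
event bro_init() &priority=-5
    {
    # Re-adding a filter named "default" replaces the stock one.
    Log::add_filter(DNS::LOG, [$name="default", $pred=dns_keep]);
    Log::add_filter(HTTP::LOG, [$name="default", $pred=http_keep]);
    Log::add_filter(SSL::LOG, [$name="default", $pred=ssl_keep]);
    }
```

The predicates only keep matching records out of dns.log, http.log and ssl.log; conn.log entries and any notices raised for those connections are unaffected, so this is narrower than the BPF restriction.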