Snort mailing list archives

Re: Exclude one IP

From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 1 Nov 2005 09:58:25 -0500

If you want to totally exclude it from analyzation, use a BPF filterat the command line, "not host 10.1.10.24"


If you want to exclude it from the HOME_NET

var HOME_NET [10.1.10.0/24,!10.1.10.24]

That should work for you..

Joel


On Nov 1, 2005, at 9:48 AM, John Friedman wrote:

Hi all,

I want to exclude one IP from monitoring segment.  I did
var HOME_NET 10.1.10.0/24[not 10.1.10.24] and got an error.

Anyone can point me the right one?

Thanks,

John

Yahoo! FareChase - Search multiple travel sites in one click.

Current thread:

Exclude one IP John Friedman (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
  - Re: Exclude one IP Matt Kettler (Nov 01)
    - Re: Exclude one IP Joel Esler (Nov 01)
    - Re: Exclude one IP Joel Esler (Nov 01)
    - Re: Exclude one IP Paul Schmehl (Nov 01)
    - Re: Exclude one IP Joel Esler (Nov 01)
    - Re: Exclude one IP Matt Kettler (Nov 01)
    - Re: Exclude one IP Joel Esler (Nov 01)
    - Re: Exclude one IP Matt Kettler (Nov 01)
    - RE: Exclude one IP Paul Melson (Nov 02)
    - Re: Exclude one IP Joel Esler (Nov 02)