StamusNetworks / SELKS

A Suricata based IDS/IPS/NSM distro
https://www.stamus-networks.com/open-source/#selks
GNU General Public License v3.0

manual blocking/unblocking vs. snort and guardian #159

Open saman00 opened 5 years ago

saman00 commented 5 years ago

How to filter own IPs before IDS processing on a mirror port?

1 VLAN - 1000 IPs - exclude 2 IPs from the IDS queue

pevma commented 5 years ago

You can use a BPF (bp filter) inside the /etc/suricata/selks5-interface yaml config for a particular interface, like so: https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html?highlight=Bpf%20

Then restart Suricata: systemctl restart suricata

Thanks

-- Regards, Peter Manev

On 17 Feb 2019, at 11:14, saman00 notifications@github.com wrote:

How to filter own IPs before IDS processing on a mirror port?

1 VLAN - 1000 IPs - exclude 2 IPs from the IDS queue

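A sketch of the BPF exclusion described in the reply above, as an added example that is not part of the original thread or the SELKS project's own configuration. The interface name `eth0` and the two addresses (documentation-range placeholders) are assumptions; substitute the capture interface and the two hosts to exclude.

```yaml
# Added example: af-packet capture section with a BPF exclusion.
# "eth0" and the 192.0.2.x addresses are assumed placeholders.
af-packet:
  - interface: eth0          # capture interface attached to the mirror port
    # The filter is applied at capture time, so packets to or from these
    # two hosts never reach Suricata: no alerts, flow records or protocol
    # logs are produced for them, in either direction.
    bpf-filter: "not (host 192.0.2.10 or host 192.0.2.11)"
```

Running Suricata with `-T` against the edited configuration tests it before the restart. Because excluded hosts become invisible to the sensor, keep the exclusion list as narrow as possible.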