cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

IPV6 cannot be disabled #289

Closed. rradee closed this issue 10 months ago.

rradee commented 10 months ago

Hello there, when I installed the sensor and Malcolm, I selected "disable IPv6" for both. When I open the dashboards there are a lot of logs with IPv6. Can you suggest how I can override the config and stop the IPv6 logs from showing?

[image attached]

mmguero commented 10 months ago

Hi, in installation disabling IPv6 means that the OS for Malcolm/Hedgehog won't use IPv6 addressing for their own interfaces, but it doesn't affect what is captured on the wire.

To do that, if Malcolm itself is doing the capture, I think you'd need to set a capture filter in `PCAP_FILTER` in the `pcap-capture.env` environment variable file. The corresponding question in the configuration is underneath "Should Malcolm capture live network traffic?", to which you'd want to answer "custom" to customize traffic capture, then specify the filter when prompted "Capture filter (tcpdump-like filter expression; leave blank to capture all traffic)".

For Hedgehog Linux, when configuring capture you can provide the same capture filter.

In both cases, the capture filter you'd want would probably be `not ip6`.
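As an added example (not part of the issue thread and not Malcolm's own tooling), the script below sets `PCAP_FILTER=not ip6` in a `pcap-capture.env`-style file without duplicating the key if it already exists, and reads the value back so the change can be checked before Malcolm is restarted. The file contents it creates are constructed for the demo; `SOME_OTHER_SETTING` is a placeholder key, not a real Malcolm variable, and the value is written unquoted, which is an assumption about how the file is parsed.

```sh
#!/bin/sh
# Added example: idempotently set a KEY=VALUE line in an env-style file such as
# Malcolm's pcap-capture.env. Not Malcolm project code.

# set_env_var FILE KEY VALUE
# Replaces an existing "KEY=..." line in FILE, or appends one if KEY is absent.
set_env_var() {
  file="$1"; key="$2"; value="$3"
  if grep -q "^${key}=" "$file" 2>/dev/null; then
    # Rewrite through a temp file so a partial write never clobbers the original.
    tmp="${file}.tmp.$$"
    awk -v k="$key" -v v="$value" 'BEGIN { FS = OFS = "=" }
         $1 == k { print k "=" v; next }
         { print }' "$file" > "$tmp" && mv "$tmp" "$file"
  else
    printf '%s=%s\n' "$key" "$value" >> "$file"
  fi
}

# get_env_var FILE KEY
# Prints the value of the first "KEY=..." line (empty output if KEY is absent).
get_env_var() {
  grep "^$2=" "$1" 2>/dev/null | head -n 1 | cut -d= -f2-
}

# demo: constructed sample file, then apply the IPv6-excluding capture filter.
demo() {
  d=$(mktemp -d)
  f="$d/pcap-capture.env"
  # Constructed contents; SOME_OTHER_SETTING is a placeholder, not a real key.
  printf 'SOME_OTHER_SETTING=unchanged\nPCAP_FILTER=\n' > "$f"
  set_env_var "$f" PCAP_FILTER "not ip6"
  echo "PCAP_FILTER is now: $(get_env_var "$f" PCAP_FILTER)"
  rm -rf "$d"
}

demo
```

The filter is applied at capture time, so any packet it excludes never reaches Zeek or Suricata either; excluding `ip6` therefore removes IPv6 traffic from all of Malcolm's logs and dashboards, not just the ones that were noisy, and that blind spot should be a deliberate choice.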