How do I ignore an IP address or IP subnet from being monitored?

  • Question
  • Updated 6 years ago
  • Answered
I need to know the syntax for using BPF filters.

Aisling Brennan, Official Rep

Posted 8 years ago

Noeleen Hussey, Employee

The best way to filter out a specific IP address or subnet being monitored is to use the Sensor Settings page:

From the GUI go to Administration -> Sensors -> Sensor Name -> Edit -> Snoopy BPF traffic filter -> BPF filter for the traffic monitor.

Example syntax to use: not net subnet and not host ip address.

IT-help

If you are running LANGuardian v10 or greater you will need to follow these instructions to stop the logging of traffic or IDS events from a single host, multiple hosts or a subnet:

Click the gear symbol at the top right of the GUI and then go to sensors. Then click settings and edit sensor settings.

Look for the BPF filter for the traffic monitor.

To exclude one host use the syntax – not host 10.0.0.1

To exclude multiple hosts use syntax – not host (10.200.129.220 or 10.200.48.26 or 10.200.128.60 or 10.200.22.12)

To exclude one subnet use the syntax - not net 192.168.127.0/24
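
An added example, not part of the original posts or of LANGuardian: a Python helper that validates the addresses and assembles an exclusion filter in the syntax shown above, together with a model of which flows the sensor will no longer see. The function names and the sample flow addresses are constructed for illustration.

```python
import ipaddress

def build_exclusion_filter(hosts=(), nets=()):
    """Return a BPF expression excluding the given IPv4 hosts and subnets."""
    # IPv4Address raises ValueError on a mistyped address.
    host_ips = [str(ipaddress.IPv4Address(h)) for h in hosts]
    # strict=True rejects e.g. 192.168.127.5/24 (host bits set),
    # which libpcap also refuses to compile.
    net_cidrs = [str(ipaddress.IPv4Network(n, strict=True)) for n in nets]
    clauses = []
    if len(host_ips) == 1:
        clauses.append(f"not host {host_ips[0]}")
    elif host_ips:
        clauses.append("not host (" + " or ".join(host_ips) + ")")
    clauses += [f"not net {n}" for n in net_cidrs]
    return " and ".join(clauses)

def is_monitored(src, dst, hosts=(), nets=()):
    """Model the filter: `host` and `net` without a src/dst qualifier match
    either endpoint, so a flow is dropped if either side is excluded."""
    excluded_hosts = {ipaddress.IPv4Address(h) for h in hosts}
    excluded_nets = [ipaddress.IPv4Network(n, strict=True) for n in nets]
    for addr in (ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)):
        if addr in excluded_hosts or any(addr in n for n in excluded_nets):
            return False
    return True

# Addresses taken from the examples in the post above.
HOSTS = ["10.200.129.220", "10.200.48.26"]
NETS = ["192.168.127.0/24"]

if __name__ == "__main__":
    print(build_exclusion_filter(HOSTS, NETS))
    # Constructed sample flows (src, dst) to show the resulting blind spots.
    for src, dst in [("10.0.0.5", "10.200.48.26"),
                     ("192.168.127.9", "8.8.8.8"),
                     ("10.0.0.5", "10.0.0.6")]:
        state = "monitored" if is_monitored(src, dst, HOSTS, NETS) else "excluded"
        print(f"{src} -> {dst}: {state}")
```

Every flow reported as excluded is invisible to both the traffic monitor and any IDS rules behind it, so keep the exclusion list as narrow as possible and review it periodically.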