Hello there,

Wondering if/how we could exclude traffic between two IPs from being stored. The sample documentation only tell how to exclude from one IP. We have massive amounts of traffic between two servers A-B. At the moment I am not interested in storing them as they are on a IPSEC VPN. I would still need to store traffic from A to other hosts and B to other hosts, just not A to B. I cannot use a BPF filter in Capture Adapter as I want to see accurate bandwidth stats.

Any ideas?

TKE

Hi,

We will update the docs to include this example. It is probably a common idiom.

Say you have two hosts 192.168.1.10 and 192.168.2.10 - you dont want to store PCAPs between these two. Heres how you'd do it

1. GO to the RUle Builder (Tools > RUle Builder)
2. ENter one host
3. Enter the next host and select '&' AND as the connecting operator.

Use that expression in the IGNORE parameter of trisulConfig.xml. The final expression should be something like this.


Note that an OR condition (you dont want this in your scenario) is much simpler


Let me know if that works okay. (Note you have to restart Trisul)

Cheers