Hello guys.
I tried to configure “suricata.yaml” to have it only focus on the IP addresses like 192.168.0.x.
But there’re still logs generated by machines of 192.168.1.x.
How can I fix it? Thank you!
This setting only specifies the HOME_NET variable for signatures. And even in that case you would still have all other networks within EXTERNAL_NET.
Despite that, you will have other event types like flows, dns, http for all traffic seen. So if you want to see just traffic from a specific network, you could try setting a BPF filter, see 9.7. Ignoring Traffic — Suricata 6.0.5 documentation
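
The BPF approach suggested in the reply above, as an added example that is not part of the original posts: a `suricata.yaml` fragment contrasting the `HOME_NET` variable with a capture-level filter. The `af-packet` capture method and the interface name `eth0` are assumptions; adjust them to the capture section actually in use.

```yaml
# suricata.yaml (fragment) -- added example, not from the original thread.

vars:
  address-groups:
    # HOME_NET only defines what signatures treat as the "home" side.
    # It does not limit which packets are captured or which events are logged.
    HOME_NET: "[192.168.0.0/24]"
    # Everything else, including 192.168.1.x, lands here and is still inspected.
    EXTERNAL_NET: "!$HOME_NET"

af-packet:
  - interface: eth0              # assumed capture interface
    # BPF filter applied at capture time: packets with neither endpoint in
    # 192.168.0.0/24 never reach Suricata, so they produce no alert, flow,
    # dns or http events.
    bpf-filter: "net 192.168.0.0/24"
```

`net 192.168.0.0/24` matches packets where either endpoint is in that range, so conversations between 192.168.0.x and 192.168.1.x hosts are still captured and the 192.168.1.x address will appear in those events as the peer.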