12-05-2001 08:06 AM - edited 03-08-2019 09:20 PM
hi all,
is it possible to exclude 0.0.0.0 dest. IP or source IP. it's a 2100 sig. ID
regards,
Ross
12-05-2001 08:17 AM
0.0.0.0 is a Global Summary. You can change the signature itself (2100) to not do SUmmarize but to do "FireOnce" in the SigWizMenu (or Modify Signature in nrConfigure window).
Brenden
12-05-2001 11:36 AM
As brenden mentioned you can change it to FireOnce. This is probably the best solution for your issue with the 2100 signature.
But so you know, with current versions the only way to exclude the 0.0.0.0 ip address is to exclude using the "OUT" keyword. If you type in 0.0.0.0 in the exclusion, packetd won't exclude it, but it will exclude the 0.0.0.0 if the word "OUT" is used. BUT the word "OUT" will exclude not just 0.0.0.0 but ALL external ip addresses.
Also the * will not exclude the 0.0.0.0 ip address. We are in the process of trying ot fix this in the next service pack, but I am not sure what the fix will entail so read the readme when the service pack is released.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide