Showing results for 
Search instead for 
Did you mean: 
Create a Post

SmartEvent Global Exclusions

I am running SmartEvent on a dedicated VM running R80.10, it is picking up millions of FW logs a day from my numerous F5s that have HTTP health probes using non-standard ports, I tried adding the addresses to the Global Exclusions list but I keep getting hits on them, is there a way to filter them out of SmartEvent in R80? In the R77 version I successfully filtered events but these don't seem to be working the same. I guess another solution would be for me to add excpetions in IPS to ignore them too so a log wouldn't be generated....just trying to see if I'm missing something with the SmartEvent exlusion list.

Labels (1)
2 Replies

Re: SmartEvent Global Exclusions

If it's IPS triggering the log, it would be best to address at the source: add an exception for the relevant traffic.

Re: SmartEvent Global Exclusions

Thanks for the response, that is what I ended up doing, I did find a post where the SmartEvent Global Exclusion list doesn't apply to FW logs, only events generated in SmartEvent, so that is probably why it wasn't working there.

0 Kudos