Omit certain IP Address from logs?

[KKAB-FK]

Hi,

I have a python script that "will" be running on the same host as Conpot and the script writes values to some Modbus registers!
As a consequence this "register writes" are being logged and displayed as an "attack log" and being sent to my syslog server!

Is there a possibility to omit a certain IP from being logged?

Br
Felix

[glaslos]

Unfortunately there is no feature for this, but it should be easy to add if you want to give it a try.

[KKAB-FK]

Could you give me a hint on where i should look?
Ive looked through all log related code and could not find the right place in the files in order to do my change!

Br
Felix

[Neoshka1337]

Hi,

I have a python script that "will" be running on the same host as Conpot and the script writes values to some Modbus registers! As a consequence this "register writes" are being logged and displayed as an "attack log" and being sent to my syslog server!

Is there a possibility to omit a certain IP from being logged?

Br Felix

Im looking for the same functionality. Have you implemented this feature?

[glaslos]

Here when you get the event, check the source IP address and then skip the log processing.

[Neoshka1337]

Here when you get the event, check the source IP address and then skip the log processing.

Thanks, i'll try :)

[glaslos]

@Neoshka1337 have you tried?

[Neoshka1337]

@glaslos Unfortunately no, I was already running out of time to finish my thesis and didn't have time to test this feature :(