Pipeline Rule not working GoogleBot

(Zachary Rosing) #1

Trying to get all GoogleBot traffic out of our logs, and this call is not working.

rule “ALLGOOGLE”
when
has_field(“src_ip”) AND $message.src_ip == “66.*”
then
drop_message();
end

I’ve changed the src_ip to 66., 66.249., 66.249.., 66.249.0.0/16 and none of them have stopped the Google Traffic logs from coming in with everything else.

0 Likes

(Ben van Staveren) #2

You may want to look at http://docs.graylog.org/en/2.5/pages/pipelines/functions.html#cidr-match

Applied as such:

when
    has_field("src_ip") && cidr_match("66.249.0.0/16", to_ip($message.src_ip))
1 Like

(system) closed #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

0 Likes