Example: Create a filter for pings in a network

This scenario shows an example of using filters to exclude logs from a report.

Company B’s administrator has noticed that the number of ping attempts (ICMP echo requests) in the internal network has increased. The administrator wants a report of all recent pings in the local network to make sure an outsider has not taken over the servers in the internal network. The administrator frequently pings from the HOST 2 workstation in the internal network. The administrator knows that pings coming from HOST 2 are legitimate, and wants to exclude pings from HOST 2 from the report.

The administrator needs a new filter for generating the report. The administrator:

  1. Creates a Filter element in which the source IP address field in log data is compared to the internal network’s addresses, and the ICMP type is compared to Echo.
  2. Adds a condition that the source IP address in the log data must not belong to the HOST 2 workstation.
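The filter logic of the two steps above, written out as an added Python example (this is illustration code, not part of the product or the original page). The internal network address, the HOST 2 address and the sample log records are constructed values; the page does not give the real ones.

```python
import ipaddress

# Constructed values standing in for the page's "internal network" and "HOST 2".
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")
HOST2 = ipaddress.ip_address("192.168.10.22")
ICMP_ECHO_REQUEST = 8  # ICMP type "Echo" (echo request)


def matches_ping_report_filter(record):
    """Return True if a log record belongs in the ping report.

    Mirrors the filter described above: the source address is inside the
    internal network AND the ICMP type is Echo AND the source is not HOST 2.
    """
    if record.get("proto") != "ICMP":
        return False
    try:
        src = ipaddress.ip_address(record["src"])
    except (KeyError, ValueError):
        # Records without a parseable source address cannot match.
        return False
    if src not in INTERNAL_NET:
        return False
    if record.get("icmp_type") != ICMP_ECHO_REQUEST:
        return False
    if src == HOST2:
        # The administrator's own workstation is excluded from the report.
        return False
    return True


def build_ping_report(records):
    """Apply the filter to a list of log records and return the kept ones."""
    return [r for r in records if matches_ping_report_filter(r)]


# Constructed sample log records (not taken from the page).
SAMPLE_LOGS = [
    {"src": "192.168.10.22", "dst": "192.168.10.5", "proto": "ICMP", "icmp_type": 8},  # HOST 2: excluded
    {"src": "192.168.10.77", "dst": "192.168.10.5", "proto": "ICMP", "icmp_type": 8},  # kept
    {"src": "192.168.10.5", "dst": "192.168.10.77", "proto": "ICMP", "icmp_type": 0},  # echo reply: excluded
    {"src": "203.0.113.9", "dst": "192.168.10.5", "proto": "ICMP", "icmp_type": 8},    # external source: excluded
    {"src": "192.168.10.77", "dst": "192.168.10.5", "proto": "TCP", "dport": 22},      # not ICMP: excluded
]

if __name__ == "__main__":
    for r in build_ping_report(SAMPLE_LOGS):
        print(r)
```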