SAWMILLFORUM

You can setup a mapping file of the IP addresses, and then reject by comparing the IP address to the map file.

The method would be first to create the map file, which is a CFG file in Sawmill.

The CFG file name would be myips.cfg

the internal name would be:

myips = {
192_168_1_2 = "true"
192_168_155_155 = "true"
} # myips

then you'd create an advanced log filter:

v.c_ip = replace_all(c_ip, ".", "_");
if (subnode_exists("myips", v.c_ip)) then "reject";

Then you will need to place the file "myips.cfg" into the Sawmill install folder, LogAnalysisInfo.

Rebuild the database, and the IPs you'd like to exclude should be removed. Note that the field name "c_ip" above is the client IP field, you will need replace the name "c_ip" with whatever IP address field you are attempting to reject on, e.g. destination_ip" or something like that. The log field names are in the config->log fields section, and you'll need to use the internal Sawmill identifier.

Hope this helps, if you have questions let me know.