getting Too_Long_To_Compile_Filter notice

Hi there

We have a small army of scanners that I want to exclude from zeek, so I used the BPF filter option. Unfortunately, it’s 166 IP addresses and is triggering this “Too_Long_To_Compile_Filter” warning.

The documentation states “compensation measures may be taken by the framework to reduce the filter size” - does that mean the filter is being shortened? Ironically I’m mainly using the filter to remove stuff that zeek shouldn’t bother with - ie I’m removing load - which apparently is in itself overloading zeek?

Are there other ways of removing noisy and/or masses of uninteresting traffic - without needing to lean on our network team to start altering SPAN traffic flows/etc?

Thanks!