[Bro] Advanced filtering

Thomas, Eric D edthoma at sandia.gov
Tue Jan 24 07:39:28 PST 2012

I'd like to stop processing the packets associated with connections that meet certain heuristics. The goal would be to minimize the internal and script-based processing Bro does on those connections after the heuristic conditions are met, for performance and log size reasons. Is skip_further_processing the right BIF to use, or is there something more efficient or effective? 
Eric Thomas
edthoma at sandia.gov
