[Bro] Bro eliminating banner in log files.
jdonnelly at dyn.com
Mon Dec 15 07:48:27 PST 2014
The global setting did not appear to work, but the individual LOG
filter line did.
On Mon, Dec 15, 2014 at 8:59 AM, Seth Hall <seth at icir.org> wrote:
> > On Dec 14, 2014, at 4:44 PM, John Donnelly <jdonnelly at dyn.com> wrote:
> > Hi. Is there a way to eliminate the descriptive record banner that is
> > the first line of the log file?
> You can do this per-log or globally.
> redef LogAscii::include_meta=F;
> Depending on what this is for, it may be beneficial to just output your
> log as JSON:
> redef LogAscii::use_json=T;
> If you want to do either of these settings only in a single log, you can
> do this…
> event bro_init()
>     {
>     # Per-filter writer options are passed as strings in $config.
>     local filt = Log::Filter($name="default",
>                              $config=table(["include_meta"] = "F"));
>     Log::add_filter(HTTP::LOG, filt);
>     }
> You should be able to configure any of the other global ascii log settings
> the same as I did in that example.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
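
For whoever consumes these logs downstream: once the banner is gone, the file no longer says what its columns are. The following is an added example, not part of the original thread or of Bro itself. It reads an ASCII log with or without the header and requires a caller-supplied field list when the header is absent. The function name, the shortened field list and the sample records are constructed, and the header layout (#separator, #unset_field, #fields) is assumed to be that of the standard ASCII writer.

```python
import io

def parse_bro_ascii(stream, fallback_fields=None):
    """Yield one dict per record from a Bro ASCII log.

    Column names come from the '#fields' header line when it is present.
    A log written with include_meta=F has no header, so the caller must
    pass the column names in fallback_fields.
    """
    sep, unset, fields = "\t", "-", None
    for raw in stream:
        line = raw.rstrip("\n")
        if not line:
            continue
        if line.startswith("#separator"):
            # Written as an escaped literal after a space, e.g. "#separator \x09"
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, rest = line[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "unset_field":
                unset = rest
            continue  # other header lines (#path, #types, #open, #close) are skipped
        names = fields or fallback_fields
        if names is None:
            raise ValueError("no #fields header and no fallback_fields given")
        values = line.split(sep)
        if len(values) != len(names):
            raise ValueError("got %d columns, expected %d" % (len(values), len(names)))
        yield {n: (None if v == unset else v) for n, v in zip(names, values)}

# Constructed sample data: a shortened http.log with and without the header.
HTTP_FIELDS = ["ts", "uid", "id.orig_h", "host"]
RECORD = "1418658507.000000\tCexample1\t192.0.2.10\t-\n"
WITH_META = (
    "#separator \\x09\n"
    "#set_separator\t,\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\thttp\n"
    "#fields\t" + "\t".join(HTTP_FIELDS) + "\n"
    "#types\ttime\tstring\taddr\tstring\n"
) + RECORD
WITHOUT_META = RECORD

if __name__ == "__main__":
    print(list(parse_bro_ascii(io.StringIO(WITH_META))))
    print(list(parse_bro_ascii(io.StringIO(WITHOUT_META), HTTP_FIELDS)))
```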