[Bro] Disable Base script
Siwek, Jonathan Luke
jsiwek at illinois.edu
Mon Jan 6 11:29:01 PST 2014
On Dec 24, 2013, at 12:50 PM, Ward Sladek <wsladekjr at hotmail.com> wrote:
> What is the best practice for disabling a Base script? For example, I would like to disable syslog monitoring all together. I have included the following in my local.bro:
> event bro_init()
> This disables the logging of syslog messages, but does it prevent Bro from loading the base/protocols/syslog scripts? If not, what is the best practice for doing so? I'm trying to tune/tweak bro for best performance.
For command-line usage, `bro -b` or `bro —bare-mode` prevents base/init-default.bro and the scripts it references from being loaded by default. From there, you can pick and choose freely.
For BroControl usage, I presume that setting “BroArgs = -b” in broctl.cfg and pruning site/local.bro as desired would work.
More information about the Bro