[Bro] Properly disabling certain rules

Vlad Grigorescu vlad at grigorescu.org
Wed Jun 18 07:56:30 PDT 2014


Hi James,

Just as a matter of terminology, these aren't rules, but analyzers. :-)

Try something like this to your local.bro:

> event bro_init() {
>      Analyzer::disable_analyzer(Analyzer::ANALYZER_SSL);
>      Analyzer::disable_analyzer(Analyzer::ANALYZER_SYSLOG);
> }

 --Vlad


On Jun 18, 2014, at 10:09 AM, James Lay <jlay at slave-tothe-box.net> wrote:

> Team,
> 
> So...after upgrading to Bro 2.3, syslog and ssl have returned, which I 
> do not want to see.  I commented them out in init-default.bro, which is 
> not the right way to go I know.  How can I disable these in my 
> local.bro?  Thank you.
> 
> James
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140618/8cb75203/attachment.bin 


More information about the Bro mailing list