[Bro] Exclude S0 connections from conn.log?
mike at swedishmike.org
Mon Jul 17 01:19:46 PDT 2017
I've been looking at cutting down the size of my logs and after some great
advice on this list one of the things that seems to help is to exclude S0
connections from conn.log.
I've been looking at doing this but sadly I'm still too much of a beginner
to get this to work so I was hoping that someone out there can give me some
Basically what I'd like to achieve is for the script to not log any events
with a conn_state of S0 if the originating node is not in my local
If someone could give me some guidance on how to achieve this I'd be
Thanks in advance, Mike
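
One way to get the filtering asked about above, as an added example that is not part of the original message: a Bro 2.x logging-filter predicate that suppresses S0 records whose originator is not a local address. Reading "local" as `Site::local_nets` is an assumption, and `keep_conn` is a name made up for this example.

```bro
@load base/protocols/conn
@load base/utils/site

# Hypothetical helper (name chosen for this example): return T to write the
# record to conn.log, F to suppress it.
function keep_conn(rec: Conn::Info): bool
    {
    # conn_state is &optional, so test for it before reading it.
    if ( ! rec?$conn_state || rec$conn_state != "S0" )
        return T;

    # S0 = connection attempt seen, no reply. Keep it only when the
    # originator is in Site::local_nets (assumed meaning of "local").
    return Site::is_local_addr(rec$id$orig_h);
    }

# Default priority (0) runs after the Conn stream and its default filter
# have been created by the base scripts.
event bro_init()
    {
    # Reuse the stock conn.log filter so path and writer settings stay as
    # they are; only the predicate is added.
    local f = Log::get_filter(Conn::LOG, "default");
    f$pred = keep_conn;

    # add_filter with an existing filter name replaces that filter.
    Log::add_filter(Conn::LOG, f);
    }
```

`Site::local_nets` has to be populated (BroControl fills it from `networks.cfg`), otherwise every S0 record is treated as non-local and dropped. Unanswered inbound scan traffic also shows up in conn.log as S0 from remote originators, so that visibility goes away with this filter.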