[Bro] Exclude S0 connections from conn.log?
jan.grashoefer at gmail.com
Mon Jul 17 01:40:35 PDT 2017
> Basically what I'd like to achieve is for the script to not log any events
> with a conn_state of S0 if the originating node is not in my local
> If someone could give me some guidance on how to achieve this I'd be
> forever grateful.
You can use a filter (e.g., change the default one):
There is also a blog post
(http://blog.bro.org/2012/02/filtering-logs-with-bro.html) with a couple
of examples as well as scripts available on GitHub (e.g.,
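
One way to write the kind of filter the reply refers to, as an added example that is not part of the original message and not the poster's code: it replaces the default conn.log filter with a predicate that drops S0 records whose originator is outside `Site::local_nets`. Reading the question's truncated "my local" as the local networks is an assumption, `keep_conn` is a hypothetical name, and Bro 2.5-era script syntax is assumed.

```bro
# Added example, not from the original thread.
@load base/protocols/conn
@load base/utils/site

# Hypothetical helper: return F to keep a record out of conn.log.
function keep_conn(rec: Conn::Info): bool
    {
    # conn_state is an optional field; anything that is not S0 is logged as usual.
    if ( ! rec?$conn_state || rec$conn_state != "S0" )
        return T;

    # S0 = connection attempt seen, no reply. Keep it only when the
    # originator is in Site::local_nets (assumed meaning of "local";
    # local_nets must be configured, e.g. via networks.cfg).
    return Site::is_local_addr(rec$id$orig_h);
    }

# Low priority so this runs after the base scripts have created the stream.
event bro_init() &priority=-5
    {
    # Copy the existing default filter so path and writer settings are kept.
    local f = Log::get_filter(Conn::LOG, "default");
    f$pred = keep_conn;

    # Adding a filter under an existing name replaces that filter.
    Log::add_filter(Conn::LOG, f);
    }
```

Unanswered inbound probes are recorded as S0, so this filter removes them from conn.log entirely; adding a second filter with a different `$path` and the inverse predicate keeps them in a separate log instead.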