[Bro] Disabling an analyzer in weird

James Lay jlay at slave-tothe-box.net
Fri Mar 10 11:18:45 PST 2017

On 2017-03-08 11:17, Jan Grashöfer wrote:
>> Topic :)  I'd like to have bro not dump non-rfc compliant syslog
>> messages in the weird file.  How can I go about doing that?  Thank 
>> you.
> Add a filter for the log might be an option:
> https://www.bro.org/sphinx-git/frameworks/logging.html#filter-log-records
> Jan
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

Thanks Jan.  So I did more digging...this used to work in 2.4.1:


But now no longer...I guess I don't want to see binpac exceptions in 
weird.  Any folks have any thoughts on this?  Thank you.


More information about the Bro mailing list