[Bro] Disabling an analyzer in weird
jan.grashoefer at gmail.com
Fri Mar 10 14:05:20 PST 2017
> Specifically to weird logging, you can redef individual messages:
> redef Weird::actions["dns_unmatched_msg"] = Weird::ACTION_IGNORE;
> redef Weird::actions["dns_unmatched_reply"] = Weird::ACTION_IGNORE;
Just remembered that as I read "dns_unmatched_reply". Thanks for helping
> Re-reading, didn't realize there were more actions than IGNORE (and LOG).
That's the reason why this mechanism would be preferred for filtering weird.
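
The other actions the quoted reply alludes to, shown as an added example that is not part of the original post. It reuses the two DNS weird names from the thread and assumes the Weird::Action values defined in Bro's base weird framework (base/frameworks/notice/weird.bro); the choice of action per weird is illustrative.

```bro
# Added example, not from the thread: rate-limit noisy weirds instead of
# ignoring them, so weird.log still records that they occurred.
redef Weird::actions += {
    # Log this weird once per originating host rather than for every message.
    ["dns_unmatched_msg"] = Weird::ACTION_LOG_PER_ORIG,
    # Log this weird once per connection.
    ["dns_unmatched_reply"] = Weird::ACTION_LOG_PER_CONN
};
```

Unlike ACTION_IGNORE, these keep a reduced record in weird.log, which still leaves a trace when a host suddenly starts producing unmatched DNS traffic.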