[Bro-Dev] New http policy scripts
Gregor Maier
gregor at icir.org
Mon Aug 8 21:30:02 PDT 2011
> I do agree that I'm doing some pretty egregious stuff in some of those scripts from an optimization perspective, but I think that optimization attempts in Bro scripts have led to incredibly convoluted scripts and dependency chains. I'm going to press instead for optimizations that allow the scripts to remain well structured. For instance, what about just disabling the http_header or http_data events if you don't want those done? This should already be do-able with the disable_event_group like this:
>
> disable_event_group("http-body");
> disable_event_group("http-header");
after chatting with Seth I actually start to like this idea. Maybe add
policy scripts that, when loaded, will disable these groups to shed load.
cu
Gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
More information about the bro-dev
mailing list