[Bro] Disable service name in alert||log.log ?

rmkml rmkml at wanadoo.fr
Sun Sep 5 22:30:47 PDT 2004


YES
Thanks Christian
Regards
Rmkml at Wanadoo.fr


On Sun, 5 Sep 2004, Christian Kreibich wrote:

> Date: Sun, 05 Sep 2004 22:01:55 +0100
> From: Christian Kreibich <christian at whoop.org>
> To: rmkml <rmkml at wanadoo.fr>
> Cc: bro at lbl.gov
> Subject: Re: [Bro] Disable service name in alert||log.log ?
> 
> On Sun, 2004-09-05 at 20:11, rmkml wrote:
>> Hi,
>>
>> Possible/How disable service name in this file ?
>>
>> Change :
>> 1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/http:
>> RST_with_data
>>
>> to :
>> 1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/80:
>> RST_with_data
>>
>> use bro 09a3
>
> Hi,
>
> have a look at endpoint_id() in port-name.bro.
>
> Cheers,
> Christian.
> -- 
> ________________________________________________________________________
>                                          http://www.cl.cam.ac.uk/~cpk25
>                                                    http://www.whoop.org
>
>
>



More information about the Bro mailing list