[Bro] Disable service name in alert||log.log ?
rmkml
rmkml at wanadoo.fr
Sun Sep 5 22:30:47 PDT 2004
YES
Thanks Christian
Regards
Rmkml at Wanadoo.fr
On Sun, 5 Sep 2004, Christian Kreibich wrote:
> Date: Sun, 05 Sep 2004 22:01:55 +0100
> From: Christian Kreibich <christian at whoop.org>
> To: rmkml <rmkml at wanadoo.fr>
> Cc: bro at lbl.gov
> Subject: Re: [Bro] Disable service name in alert||log.log ?
>
> On Sun, 2004-09-05 at 20:11, rmkml wrote:
>> Hi,
>>
>> Possible/How disable service name in this file ?
>>
>> Change :
>> 1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/http:
>> RST_with_data
>>
>> to :
>> 1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/80:
>> RST_with_data
>>
>> use bro 09a3
>
> Hi,
>
> have a look at endpoint_id() in port-name.bro.
>
> Cheers,
> Christian.
> --
> ________________________________________________________________________
> http://www.cl.cam.ac.uk/~cpk25
> http://www.whoop.org
>
>
>
More information about the Bro
mailing list