[Bro] Ignore Weird Events???

Vern Paxson vern at icir.org
Wed Jun 4 17:30:54 PDT 2008


You need two tweaks to your script, per the appended diff.

Note, in general you'd add definitions like yours to local.lite.bro rather
than local.site.bro.  Putting them in the latter risks introducing dependency
circularities (such as due to the new "@load weird").

		Vern


--- orig.bro	2008-06-04 17:28:17.000000000 -0700
+++ modified.bro	2008-06-04 17:28:11.000000000 -0700
@@ -6,9 +6,10 @@
 # this file, telling bro what your local networks are.
 
 @load site
+ at load weird
 
 redef notice_action_filters += {
-        WeirdActivity = ignore_notice,
+        [Weird::WeirdActivity] = ignore_notice,
 };
 
 redef local_nets: set[subnet] = {



More information about the Bro mailing list