[Bro] Ignore Weird Events???
Vern Paxson
vern at icir.org
Wed Jun 4 17:30:54 PDT 2008
You need two tweaks to your script, per the appended diff.
Note, in general you'd add definitions like yours to local.lite.bro rather
than local.site.bro. Putting them in the latter risks introducing dependency
circularities (such as due to the new "@load weird").
Vern
--- orig.bro 2008-06-04 17:28:17.000000000 -0700
+++ modified.bro 2008-06-04 17:28:11.000000000 -0700
@@ -6,9 +6,10 @@
# this file, telling bro what your local networks are.
@load site
+ at load weird
redef notice_action_filters += {
- WeirdActivity = ignore_notice,
+ [Weird::WeirdActivity] = ignore_notice,
};
redef local_nets: set[subnet] = {
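Review bot: the added load line, shown here as `+ at load weird`, has to read `@load weird` when the patch is applied by hand; the message above names it that way, and the "at" comes from the list archive rewriting "@". In the filter entry, `[Weird::WeirdActivity] = ignore_notice` is keyed on the notice type alone, so it covers every notice of that type with no further condition. A one-line comment above the `redef` stating why this site wants all of them ignored would help the next person who reads the file.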