[Bro] Ignore Weird Events???
Adriel Desautels
adriel at netragard.com
Wed Jun 4 17:59:58 PDT 2008
I do not have a local.lite.bro file, where's it at?
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
Vern Paxson wrote:
> You need two tweaks to your script, per the appended diff.
>
> Note, in general you'd add definitions like yours to local.lite.bro rather
> than local.site.bro. Putting them in the latter risks introducing dependency
> circularities (such as due to the new "@load weird").
>
> Vern
>
>
> --- orig.bro 2008-06-04 17:28:17.000000000 -0700
> +++ modified.bro 2008-06-04 17:28:11.000000000 -0700
> @@ -6,9 +6,10 @@
> # this file, telling bro what your local networks are.
>
> @load site
> + at load weird
>
> redef notice_action_filters += {
> - WeirdActivity = ignore_notice,
> + [Weird::WeirdActivity] = ignore_notice,
> };
>
> redef local_nets: set[subnet] = {
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adriel.vcf
Type: text/x-vcard
Size: 298 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080604/aeac2410/attachment.vcf
More information about the Bro
mailing list