[Bro] DNS logging
Robin Sommer
robin at icir.org
Thu Nov 12 17:40:53 PST 2009
On Thu, Nov 12, 2009 at 07:46 -0500, Louis F Ruppert wrote:
> $BROHOME/share/bro/broctl/cluster.dns.bro
Yes, indeed. The cluster config is changing some defaults to values
which seem to be more reasonable in a large setting. It's of course
debatable what the definition of "reasonable" here is :-) With DNS
one gets these huge logs which often aren't very helpful.
So, the general guideline is when you're looking for a specific
setting, also grep through the cluster's *.bro scripts.
> (who also spent some time trying to figure this out)
Sorry. :)
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list