[Bro] ignoring all weird?
Seth Hall
hall.692 at osu.edu
Thu Apr 1 13:04:56 PDT 2010
On Apr 1, 2010, at 3:31 PM, Vern Paxson wrote:
>> redef Weird::weird_file = open_log_file("/dev/null");
>
> FYI, I believe Seth Hall sometimes gets the same effect by closing the
> file. I'm not sure how that will interact with log rotation either.
Yep. It doesn't seem to have any noticeable effect. close-ing the
file handle also seems to unhook the print_hook so that remote
printing is disabled as well. Setting the file to /dev/null would
leave remote printing enabled which could cause extra communication
between hosts in multihost setups (cluster).
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list