[Bro] ignoring all weird?
Tim Rupp
tarupp at fnal.gov
Tue Mar 30 09:55:41 PDT 2010
Is there a convenient way that I can suppress all weird messages that
would otherwise bubble up to the weird log?

I've done this:

    redef notice_action_filters += {
        [[Weird::WeirdActivity,
          Weird::ContentGap,
          Weird::RetransmissionInconsistency,
          Weird::AckAboveHole]] = ignore_notice
    };

But I still get some weird messages that I need to suppress like this:

    redef Weird::weird_action: table[string] of Weird::WeirdAction += {
        [["above_hole_data_without_any_acks",
          "bad_TCP_checksum",
          "unmatched_HTTP_reply",
          "connection_originator_SYN_ack",
          "window_recision",
          "unescaped_special_URI_char",
          "bad_UDP_checksum",
          "data_before_established",
          "inflate_failed",
          "line_terminated_with_single_CR"
        ]] = Weird::WEIRD_IGNORE
    };

Ideas?

Thanks,
-Tim