[Bro] ignoring all weird?

Robin Sommer robin at icir.org
Wed Mar 31 09:47:04 PDT 2010


On Wed, Mar 31, 2010 at 08:53 -0500, Tim Rupp wrote:

> I was hoping it'd be that easy, but now the weird messages (content gap,
> ack above a hole, etc) are going to stdout as well as the weird log.

I don't think we currently have a way to generally suppress all
weird messages, just individually per your earlier mail. It is
however possible to remove them from notice.log by mapping
corresponding notice types to NOTICE_IGNORE.

Justin's solution is almost doing that but it just suppresses the 
notice_action_event, not the actual reporting (that event is used
mostly internally). Use either notice_policy or
notice_action_filters instead.

Robin

-- 
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org


