[Bro] Disable Base script

Ward Sladek wsladekjr at hotmail.com
Tue Dec 24 10:50:42 PST 2013


What is the best practice for disabling a Base script?  For example, I would like to disable syslog monitoring all together.  I have included the following in my local.bro:

event bro_init()
    {
    Log::disable_stream(Syslog::LOG);
    }


This disables the logging of syslog messages, but does it prevent Bro from loading the base/protocols/syslog scripts?  If not, what is the best practice for doing so?  I'm trying to tune/tweak bro for best performance.
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131224/1e789707/attachment.html 


More information about the Bro mailing list