[Bro] Seeing packets
James Lay
jlay at slave-tothe-box.net
Thu Jun 13 11:09:54 PDT 2013
On 2013-06-13 12:05, Siwek, Jonathan Luke wrote:
> On Jun 9, 2013, at 8:03 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
>
>> Any way to disable these types of emails:
>>
>> localhost is seeing packets again on interface eth0
>
> I don't see any options to tweak how the output of `broctl cron` is
> constructed/emailed. You can add a feature request at
> http://tracker.bro.org/bro.
>
> The quick and dirty way to disable it would be to directly remove or
> comment out the code that generates those messages in
> /usr/local/bro/lib/broctl/BroControl/cron.py. (looks like for v2.1,
> that's lines 119-123).
>
> - Jon
Thanks Jon...Mike Patterson sent me this offlist, and here's my
response as well:
Are you getting this constantly? I do get it on occasion, when
something horrid has happened (link is down or a worker has crashed)
but otherwise, my Bro install is silent.
Mike
This is listening on my home LAN...so when it's not in use for 5
minutes, not uncommon, I'll see these. Thanks for the response.
I'll take a peek at cron.py and file a feature request as well...thanks
again, it does help.
James
More information about the Bro
mailing list