[Bro] Bro eliminating banner in log files.

Seth Hall seth at icir.org
Mon Dec 15 06:59:36 PST 2014


> On Dec 14, 2014, at 4:44 PM, John Donnelly <jdonnelly at dyn.com> wrote:
> 
> Hi. Is there a way to eliminate the descriptive record banner that is the first line of the log file?

You can do this per-log or globally.  

Globally:
	redef LogAscii::include_meta=F;

Depending on what this is for, it may be beneficial to just output your log as JSON:
	redef LogAscii::use_json=T;

If you want to do either of these settings only in a single log, you can do this…

event bro_init()
	{
	Log::remove_default_filter(HTTP::LOG);
	local filt = Log::Filter($name="default",
	                         $writer=Log::WRITER_ASCII,
	                         $config=table(["include_meta"] = "F"));
	Log::add_filter(HTTP::LOG, filt);
	}

You should be able to configure any of the other global ASCII log settings the same as I did in that example.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
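
Added example (not part of the original message and not Bro's own code): a small Python reader showing what a log consumer needs for each output discussed above. With include_meta=F the #fields line is gone, so the consumer has to supply the field list itself, while JSON lines carry their own field names. The sample records and the parse_bro_log name are constructed for illustration.

```python
import json

# Constructed sample data: one http.log record (a subset of fields) as the
# ASCII writer emits it with the header, with include_meta=F, and as JSON.
FIELDS = ["ts", "uid", "id.orig_h", "method", "host", "referrer"]
ROW = "1418655576.000000\tCabc123\t192.0.2.10\tGET\texample.com\t-"
WITH_META = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\thttp",
    "#fields\t" + "\t".join(FIELDS),
    "#types\ttime\tstring\taddr\tstring\tstring\tstring",
    ROW,
])
NO_META = ROW
AS_JSON = ('{"ts":1418655576.0,"uid":"Cabc123","id.orig_h":"192.0.2.10",'
           '"method":"GET","host":"example.com"}')

def parse_bro_log(text, fields=None, unset="-"):
    """Parse ASCII-writer output into a list of dicts.

    Accepts TSV with its '#' meta header, headerless TSV (the caller must
    pass `fields`), and one-JSON-object-per-line output.
    """
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("{"):            # JSON line: self-describing
            rows.append(json.loads(line))
            continue
        if line.startswith("#"):            # meta header or #close footer
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        if fields is None:
            raise ValueError("headerless log: field names must be supplied")
        values = line.split("\t")
        if len(values) != len(fields):
            raise ValueError("column count does not match field list")
        # Drop unset columns so TSV rows have the same keys as JSON rows.
        rows.append({f: v for f, v in zip(fields, values) if v != unset})
    return rows
```

A headerless file parsed with the wrong or outdated field list fails only when the column count differs, so keep the field list versioned alongside the Bro scripts that define the log.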




