[Bro] Bro eliminating banner in log files.
John Donnelly
jdonnelly at dyn.com
Mon Dec 15 07:48:27 PST 2014
Thank you.
The global setting did not appear to work, but the individual LOG
filter line did.
On Mon, Dec 15, 2014 at 8:59 AM, Seth Hall <seth at icir.org> wrote:
>
>
> > On Dec 14, 2014, at 4:44 PM, John Donnelly <jdonnelly at dyn.com> wrote:
> >
> > Hi. Is there a way to eliminate the descriptive record banner that is
> > the first line of the log file?
>
> You can do this per-log or globally.
>
> Globally:
> redef LogAscii::include_meta=F;
>
> Depending on what this is for, it may be beneficial to just output your
> log as JSON:
> redef LogAscii::use_json=T;
>
> If you want to do either of these settings only in a single log, you can
> do this…
>
> event bro_init()
>     {
>     Log::remove_default_filter(HTTP::LOG);
>     local filt = Log::Filter($name="default",
>                              $writer=Log::WRITER_ASCII,
>                              $config=table(["include_meta"] = "F"));
>     Log::add_filter(HTTP::LOG, filt);
>     }
>
> You should be able to configure any of the other global ascii log settings
> the same as I did in that example.
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>
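
Added example, not part of the thread or of Bro's own code: once `include_meta` is `F` the `#fields` line is gone, so whatever consumes the log has to be told the column names. This Python reader handles both forms; the field list, the sample records and the names `read_bro_log` and `parse` are constructed for illustration.

```python
import io

def read_bro_log(stream, fields=None, sep="\t", unset="-", empty="(empty)"):
    """Yield one dict per record from a Bro ASCII (TSV) log.

    With the default header, column names come from the '#fields' line.
    With include_meta=F there is no header, so the caller passes `fields`.
    """
    for line in stream:
        line = line.rstrip("\n")
        if not line:
            continue
        if line.startswith("#"):                 # header/footer metadata line
            key, _, rest = line[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            continue
        if fields is None:
            raise ValueError("no #fields header; pass fields= for include_meta=F logs")
        values = line.split(sep)
        if len(values) != len(fields):           # catches a wrong field list early
            raise ValueError(f"expected {len(fields)} columns, got {len(values)}")
        yield {f: None if v == unset else "" if v == empty else v
               for f, v in zip(fields, values)}

def parse(text, fields=None):
    return list(read_bro_log(io.StringIO(text), fields=fields))

# Constructed sample data (a subset of http.log columns, documentation addresses).
FIELDS = ["ts", "uid", "id.orig_h", "method", "host"]
RECORDS = ("1418658507.000000\tCabc123\t192.0.2.10\tGET\texample.com\n"
           "1418658508.000000\tCdef456\t192.0.2.11\t-\t(empty)\n")
WITH_META = ("#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n"
             "#unset_field\t-\n#path\thttp\n"
             "#fields\t" + "\t".join(FIELDS) + "\n"
             "#types\ttime\tstring\taddr\tstring\tstring\n"
             + RECORDS + "#close\t2014-12-15-08-00-00\n")
NO_META = RECORDS                                # what include_meta=F leaves behind

if __name__ == "__main__":
    for rec in parse(NO_META, fields=FIELDS):
        print(rec)
```

Keeping the field list next to the filter definition that disables the header avoids silent column drift if the log's schema changes later.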