[Bro] Properly disabling certain rules
James Lay
jlay at slave-tothe-box.net
Wed Jun 18 08:01:19 PDT 2014
On 2014-06-18 08:56, Vlad Grigorescu wrote:
> Hi James,
>
> Just as a matter of terminology, these aren't rules, but analyzers.
> :-)
>
> Try something like this to your local.bro:
>
>> event bro_init() {
>> Analyzer::disable_analyzer(Analyzer::ANALYZER_SSL);
>> Analyzer::disable_analyzer(Analyzer::ANALYZER_SYSLOG);
>> }
>
> --Vlad
>
>
> On Jun 18, 2014, at 10:09 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
>
>> Team,
>>
>> So...after upgrading to Bro 2.3, syslog and ssl have returned, which
>> I
>> do not want to see. I commented them out in init-default.bro, which
>> is
>> not the right way to go I know. How can I disable these in my
>> local.bro? Thank you.
>>
>> James
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
Thanks for the clarification Vlad...helps if I at least SOUND like I
know what I'm talking about :D
James
More information about the Bro
mailing list