[Bro] Disabling logs from loaded scripts
Shane Castle
shane.castle at gmail.com
Wed May 7 03:37:36 PDT 2014
There are a couple of things you might do. You could modify the scripts
you want, put them in bro/share/site, and load them from there instead
of the usual spots, for instance. You could make a new directory under
the bro/share hierarchy, put your custom or test scripts in there, and
load the whole set using one '@load', if I recall correctly.
The best approach might be tuning the logging by customizing the logging
framework. See this section of the doc:
https://www.bro.org/sphinx/frameworks/logging.html
Please experiment, but remember not to modify any of the the scripts in
the normal directories, that is, keep your mods to new directories or to
the bro/share/site directory, as others will be replaced with updates.
--
Shane Castle
On 07.05.2014 10:26, Knick, Scott E CTR USARMY RCERT-EUR (US) wrote:
> I want to tightly control what Bro outputs. As a result, I run it
> with the "bare" option enabled. This works well except any scripts I
> load end up logging their own stuff. For example, if my script loads
> base/protocols/http, then that module ends up logging stuff to
> files.log and http.log. I was able to cut out the files.log by
> loading specifically base/protocols/http/main.bro, but http.log is
> still generated. Is there some other option I can use, perhaps in my
> script?
>
> Thanks.
>
> -- Scott Knick
More information about the Bro
mailing list