[Bro] Deployment Customization Questions

Daniel Thayer dnthayer at illinois.edu
Tue Sep 8 14:08:40 PDT 2015


On 09/08/2015 03:41 PM, Davison, Charles Robert wrote:
> Good Afternoon,
>
> I have made it so far to Browsing Log Files in Bro via the documentation
> provided under the Quick Start Guide and Managing Bro with BroControl
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.bro.org_sphinx_quickstart_index.html-23managing-2Dbro-2Dwith-2Dbrocontrol&d=AwMFAw&c=8hUWFZcy2Z-Za5rBPlktOQ&r=Bi5qPBnY0NmYPqnRTPj_AfXQKpfQTZUpCzpfFBcawv0&m=fwrhweng0aBfG3FZ0h2NnWKSvPTRJRhw7iS5xt1XxAc&s=NWPCuaP6xhPfVdeLSdNkU4PN_H4wKOD58pidNJnAgu8&e=>.
> I am now in the *R***edefining *Script Option Variables *section and am
> trying to understand the documentation regarding adding the statement to
> local.bro:
>
> redef  Notice::ignored_types  +=  {  SSL::Invalid_Server_Cert  };
>
> I browsed out to the below location and tried to insert the above text
> but don't know where to insert it. Can this be anywhere in the
> document? Also, how would you know to look into main.bro at the module
> notice and derive what needs to be added to local.bro, in this example
> or others?
>

The Quick Start guide is intended to give a (very) quick
tour of some things you can do with Bro, so don't worry
if you don't understand why the examples are written the
way they are.

There is more complete documentation in the "Reference"
section.  For example, the "Notice Framework" document gives
more background information that will help you understand
the example in the Quick Start guide.

For documentation about specific Bro scripts, the
"Bro Package Index" or "Bro Script Index" pages are
quite useful (these are listed on the table of contents of the
Bro Manual).


More information about the Bro mailing list