[Bro] outputting only a single log

[Matthias Vallentin]

> Do you have a brief set of instructions for how to have a command like
> bro --iface <interface> output only one of the default logs? E.g. the
> conn.log.

Per the similar stackoverflow post [1], you can do this with:

    bro -i <interface> -b base/protocols/conn

The flag -b runs Bro in "bare mode." This disables all default scripts.
You can then manually turn on only the scripts you need.

    Matthias

[1] http://stackoverflow.com/q/36853106/1170277