[Bro] minimalistic bro setup

Johanna Amann johanna at icir.org
Wed Apr 5 09:21:06 PDT 2017


You are probably looking for bare mode, which you can use by starting Bro
with the "-b" option.

In bare mode, Bro only loads init-bare.bro, and does not load
init-default; thus basically no analyzers are activated.

Johanna

On Wed, Apr 05, 2017 at 03:40:37PM +0300, william de ping wrote:
> Hi,
> Any ideas on how to turn off unwanted plugins\analyzers?
> 
> thanks
> 
> On Tue, Apr 4, 2017 at 1:07 PM, william de ping <bill.de.ping at gmail.com>
> wrote:
> 
> > Hi all,
> >
> > I would like to make bro real thin by not loading all unnecessary
> > plugins\analyzers.
> >
> > I have tweaked init-bare and init-default scripts, yet when I see the
> > loaded-scripts, I see that many plugins are loaded.
> >
> > How can I turn off plugins effectively?
> > When I edit base/bif/plugins/__load__.bro to not load, say, FTP, I get
> > many errors that some FTP fields are not recognized, preventing the
> > cluster from running.
> >
> > I basically need only UDP and DNS events and have no need for the moment
> > for other downstream analyzers\plugins.
> >
> > Thanks in advance
> > B
> >

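One way to check what a bare-mode run actually loaded, as an added example that is not part of the original messages: it parses a loaded_scripts.log and separates the base/protocols script packages that were loaded from plugins that appear only as BiF declaration files under base/bif/plugins. The sample log, its /opt/bro paths and the function name audit_loaded_scripts are constructed for illustration.

```python
import re

# Constructed sample in the loaded_scripts.log layout: header lines start
# with '#', then one script path per line, indented by @load depth.
# It models a bare-mode run with only the DNS scripts added.
SAMPLE_LOG = """\
#separator \\x09
#path\tloaded_scripts
#fields\tname
#types\tstring
/opt/bro/share/bro/base/init-bare.bro
  /opt/bro/share/bro/base/bif/plugins/Bro_DNS.events.bif.bro
  /opt/bro/share/bro/base/bif/plugins/Bro_FTP.events.bif.bro
  /opt/bro/share/bro/base/bif/plugins/Bro_HTTP.events.bif.bro
  /opt/bro/share/bro/base/frameworks/logging/__load__.bro
    /opt/bro/share/bro/base/frameworks/logging/main.bro
/opt/bro/share/bro/base/protocols/dns/__load__.bro
  /opt/bro/share/bro/base/protocols/dns/main.bro
#close\t2017-04-05-09-30-00
"""

PROTO_RE = re.compile(r"/base/protocols/([^/]+)/")
BIF_RE = re.compile(r"/base/bif/plugins/Bro_([A-Za-z0-9]+)\.")


def audit_loaded_scripts(text, wanted):
    """Return (protocol packages loaded, unexpected packages, bif-only plugins)."""
    protocols, bif_plugins = set(), set()
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and log header/footer lines
        path = line.strip()  # indentation only encodes @load nesting
        proto = PROTO_RE.search(path)
        if proto:
            protocols.add(proto.group(1))
        bif = BIF_RE.search(path)
        if bif:
            bif_plugins.add(bif.group(1).lower())
    unexpected = protocols - set(wanted)   # script packages you did not ask for
    bif_only = bif_plugins - protocols     # declarations present, no scripts loaded
    return sorted(protocols), sorted(unexpected), sorted(bif_only)


if __name__ == "__main__":
    loaded, unexpected, bif_only = audit_loaded_scripts(SAMPLE_LOG, {"dns"})
    print("protocol packages:", loaded)
    print("unexpected:", unexpected)
    print("declared via bif only:", bif_only)
```
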


