[Bro] minimalistic bro setup
Johanna Amann
johanna at icir.org
Wed Apr 5 09:21:06 PDT 2017
You are probably looking for bare mode, which you can use by starting Bro
with the "-b" option.
In bare mode, Bro only loads init-bare.bro, and does not load
init-default; thus basically no analyzers are activated.
Johanna
On Wed, Apr 05, 2017 at 03:40:37PM +0300, william de ping wrote:
> hi
> any ideas on how to turn off unwanted plugins\analyzers ?
>
> thanks
>
> On Tue, Apr 4, 2017 at 1:07 PM, william de ping <bill.de.ping at gmail.com>
> wrote:
>
> > Hi all,
> >
> > I would like to make bro real thin by not loading all unnecessary
> > plugins\analyzers.
> >
> > I have tweaked init-bare and init-default scripts, yet when I see the
> > loaded-scripts, I see that many plugins are loaded.
> >
> > How can I turn off plugins effectively ?
> > when I edit base/bif/plugins/__load__.bro to not load ,say, FTP, I get
> > many errors that some FTP fields are not recognized and preventing the
> > cluster from running.
> >
> > I basically need only UDP and DNS events and have no need for the moment
> > for other down stream analyzers\plugins.
> >
> > Thanks in advance
> > B
> >
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list