[Bro] - Skip Weird or ProtocolViolation analyzer

Hosom, Stephen M hosom at battelle.org
Mon Jun 5 10:36:52 PDT 2017


I don’t think weird can cleanly be disabled. Is there a particular reason that you’re trying this hard to optimize? Even if you could turn off weird, it would be a bad idea to do so. That’s where a lot of the good troubleshooting data comes from for Bro. It can be a great way to find problems with your Bro deployment and your environment.

From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of william de ping
Sent: Sunday, June 4, 2017 11:07 AM
To: bro at bro.org
Subject: [Bro] - Skip Weird or ProtocolViolation analyzer

Hi all,
I am trying to save Bro unnecessary events; weird has quite a few hits that are not relevant to me.
I see that under HTTP.cc or DNS.cc I have some redirection to WEIRD or ProtocolViolation analyzers.
How can I delete the connection at this stage instead of sending it to another costly analyzer?
Can I just comment it out?
Thank you,
B