[Bro] Allowing only certain log types
김희철
hckim at narusec.com
Tue Jun 13 18:40:22 PDT 2017
Hi
you could disable log by using Log::disable_stream
to my knowledge it only stop writing to log. It does not going to save
process
reference
<https://www.bro.org/sphinx-git/scripts/base/frameworks/logging/main.bro.html#id-Log::disable_stream>
--sample --
add this to local.bro or separate bro file
event bro_init()
{
Log::disable_stream(Syslog::LOG);
Log::disable_stream(PE::LOG);
Log::disable_stream(X509::LOG);
Log::disable_stream(SIP::LOG);
Log::disable_stream(SNMP::LOG);
Log::disable_stream(mysql::LOG);
Log::disable_stream(Syslog::LOG);
}
--
------------------------------------------------------
Hichul Kim 김희철 선임 연구원
Naru Security (주)나루씨큐리티
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170614/eb95cdfa/attachment.html
More information about the Bro
mailing list