[Bro] Disabling an analyzer in weird
James Lay
jlay at slave-tothe-box.net
Fri Mar 10 11:18:45 PST 2017
On 2017-03-08 11:17, Jan Grashöfer wrote:
>> Topic :) I'd like to have bro not dump non-rfc compliant syslog
>> messages in the weird file. How can I go about doing that? Thank
>> you.
>
> Adding a filter for the log might be an option:
> https://www.bro.org/sphinx-git/frameworks/logging.html#filter-log-records
>
> Jan
Thanks Jan. So I did more digging...this used to work in 2.4.1:
http://mailman.icsi.berkeley.edu/pipermail/bro/2014-July/007178.html
But now no longer...I guess I don't want to see binpac exceptions in
weird. Any folks have any thoughts on this? Thank you.
James