[Bro] Disabling an analyzer in weird
Jan Grashöfer
jan.grashoefer at gmail.com
Fri Mar 10 14:05:20 PST 2017
> Specifically to weird logging, you can redef individual messages:
>
> redef Weird::actions["dns_unmatched_msg"] = Weird::ACTION_IGNORE;
> redef Weird::actions["dns_unmatched_reply"] = Weird::ACTION_IGNORE;
Just remembered that as I read "dns_unmatched_reply". Thanks for helping
out, Shane!
> Re-reading, didn't realize there were more actions than IGNORE (and LOG).
> Smart.
That's the reason why this mechanism would be preferred for filtering weird.
Thanks,
Jan