[Bro] Disabling an analyzer in weird
James Lay
jlay at slave-tothe-box.net
Fri Mar 10 15:11:21 PST 2017
Perfect...thanks Shane and Jan...I'll give it a go and report my
findings.
James
On 2017-03-10 15:05, Jan Grashöfer wrote:
>> Specifically to weird logging, you can redef individual messages:
>>
>> redef Weird::actions["dns_unmatched_msg"] = Weird::ACTION_IGNORE;
>> redef Weird::actions["dns_unmatched_reply"] = Weird::ACTION_IGNORE;
>
> Just remembered that as I read "dns_unmatched_reply". Thanks for
> helping out, Shane!
>
>> Re-reading, didn't realize there were more actions than IGNORE (and
>> LOG). Smart.
>
> That's the reason why this mechanism would be preferred for filtering
> weird.
>
> Thanks,
> Jan