[Bro] minimal bro

ps sunu pssunu6 at gmail.com
Wed Apr 11 20:53:36 PDT 2018


OK, thanks guys, I will try this. Is it possible while compiling bro as
minimal? Only generate conn.log?

On Thu, Apr 12, 2018 at 2:17 AM, Assaf <assaf.morami at gmail.com> wrote:

> bro -r my.pcap -b -C base/protocols/conn
>
> On Wed, Apr 11, 2018 at 4:09 PM, Matiasd Davaro <matiasdavaro at gmail.com>
> wrote:
>
>> If I did not misunderstand your question, you could disable logging for
>> the other protocols and stick directly with the conn.log. Unless someone
>> has a better script or more efficient alternative option, could you
>> possibly name this script and @load it in your local.bro:
>>
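>> export {
>>   # Fill in: a list of all the logs you don't want to see,
>>   # given as Log::ID values.
>>   const ignore_logs: set[Log::ID] = { } &redef;
>> }
>>
>> event bro_init()
>> {
>>   # Turn off every log stream named in ignore_logs.
>>   for ( i in ignore_logs )
>>   {
>>     Log::disable_stream(i);
>>   }
>> }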
>>
>> BTW this idea was gotten from Aaron Eppert's excellent bro scripting
>> class on networkdefense.io.
>>
>> On Wed, Apr 11, 2018 at 1:43 AM, ps sunu <pssunu6 at gmail.com> wrote:
>>
>>> Hi,
>>> How do I build a minimal bro that only generates conn.log? I am not
>>> finding any steps to build this.
>>>
>>> Regards,
>>> sunu
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>

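Added example, not part of the thread and not one of Bro's own scripts: a variant of the script idea quoted above that keeps an allow-list instead of a list of logs to ignore, so every log stream except conn.log is disabled at startup. The module name KeepConnOnly and the option keep_logs are hypothetical; it assumes Bro 2.x script syntax and that Log::active_streams holds the streams registered so far.

```bro
# Added example (hypothetical names: KeepConnOnly, keep_logs).
@load base/protocols/conn

module KeepConnOnly;

export {
	## Log streams to leave enabled; every other stream is disabled.
	const keep_logs: set[Log::ID] = { Conn::LOG } &redef;
}

# Negative priority: run after the bro_init handlers that create streams,
# so those streams are already registered when this handler looks at them.
event bro_init() &priority=-10
	{
	# Collect the IDs first, then disable in a second pass, so the
	# table of active streams is not changed while it is being iterated.
	local to_disable: set[Log::ID] = set();

	for ( active_id in Log::active_streams )
		{
		if ( active_id !in keep_logs )
			add to_disable[active_id];
		}

	for ( drop_id in to_disable )
		Log::disable_stream(drop_id);
	}
```

Because keep_logs is declared &redef, a site can keep further streams without editing the script by adding their Log::ID values to it from local.bro.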
