[Bro] minimal bro

Seth Hall seth at corelight.com
Thu Apr 12 05:36:11 PDT 2018



On 11 Apr 2018, at 23:53, ps sunu wrote:

> ok thanks guys , i will try this , is it possible while compiling bro 
> as as
> minimal ? only generate conn.log ?

There are no options for building Bro in a minimal way, but Assaf's 
suggestion is the direction that I would go.  If you run Bro with the 
'-b' flag it will run in "bare" mode which causes it to not load the 
init-default.bro script.  You will then have to specify every bit of 
functionality that you would like Bro to run which is also why Assaf 
suggested loading the base/protocols/conn script.

This will cause Bro to do less processing than the other suggestion of 
disabling the log streams.  If you disable the log streams Bro will 
still end up doing all of the work internally to create those logs just 
to throw out the data at the last minute.

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com


More information about the Bro mailing list