[Bro] minimal bro
Seth Hall
seth at corelight.com
Thu Apr 12 05:36:11 PDT 2018
On 11 Apr 2018, at 23:53, ps sunu wrote:
> ok thanks guys , i will try this , is it possible while compiling bro
> as as
> minimal ? only generate conn.log ?
There are no options for building Bro in a minimal way, but Assaf's
suggestion is the direction that I would go. If you run Bro with the
'-b' flag it will run in "bare" mode which causes it to not load the
init-default.bro script. You will then have to specify every bit of
functionality that you would like Bro to run which is also why Assaf
suggested loading the base/protocols/conn script.
This will cause Bro to do less processing than the other suggestion of
disabling the log streams. If you disable the log streams Bro will
still end up doing all of the work internally to create those logs just
to throw out the data at the last minute.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list