[Bro] disabling PE analyzer
Keith Lehigh
klehigh at iu.edu
Fri Apr 13 08:49:37 PDT 2018
Hi Folks,
I’m trying to identify the source of some memory issues and as part of my troubleshooting, I wanted to try disabling the PE analyzer but I’m unable to get the syntax right. Below is what I’m trying along w/ some output. I’m quite surprised that Analyzer::ANALYZER_DHCP shows up in disabled_analyzers when I redef the variable. Thanks for any insight.
- Keith
test.bro:
redef Analyzer::disabled_analyzers += { Files::ANALYZER_PE };

event bro_init()
    {
    print Analyzer::disabled_analyzers;
    }
Output :
{
Analyzer::ANALYZER_TCPSTATS,
Analyzer::ANALYZER_DHCP,
Analyzer::ANALYZER_INTERCONN,
Analyzer::ANALYZER_BACKDOOR,
Analyzer::ANALYZER_STEPPINGSTONE
}