[Bro] Disable Log Stream but not the analyzers

Alex Kefallonitis al.kefallonitis at gmail.com
Thu Nov 22 02:05:48 PST 2018


So there is no way to disable specific logs but still use the analyzers in
the script? The scripts are reading the actual logs and need them
to work?

On Thu, 22 Nov 2018 at 10:58 AM, Michał Purzyński <
michalpurzynski1 at gmail.com> wrote:

> Indeed, scripts you’re showing depend on the log streams you just disabled.
>
> On Nov 22, 2018, at 12:39 AM, Alex Kefallonitis <al.kefallonitis at gmail.com>
> wrote:
>
>
> Hi, I did change it, but no logs regarding HTTP are produced, like
> https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro
> or
> https://github.com/BrashEndeavours/bro-scripts/blob/master/http_entropy.bro
> .
>
>
> On Wed, 21 Nov 2018 at 11:03 PM, Azoff, Justin S <
> jazoff at illinois.edu> wrote:
>
>> Hi,
>>
>>
>> Using
>>
>>
>>     Log::remove_default_filter(HTTP::LOG);
>>
>> instead of disable_stream should do what you want.
>>
>> ------------------------------
>> *From:* bro-bounces at bro.org <bro-bounces at bro.org> on behalf of Alex
>> Kefallonitis <al.kefallonitis at gmail.com>
>> *Sent:* Wednesday, November 21, 2018 4:28:32 AM
>> *To:* Bro at bro.org
>> *Subject:* [Bro] Disable Log Stream but not the analyzers
>>
>> I have disabled the Log Stream for HTTP:
>>
>> event bro_init()
>>   {
>>     Log::disable_stream(HTTP::LOG);
>>   }
>>
>> But I want scripts using the HTTP protocol to work, e.g.
>> https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro
>>
>> Is there any other way to do it?
>>
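The distinction the thread turns on, as an added example that is not part of the original messages or of the linked scripts: a consumer that hooks the HTTP log stream's event keeps working when only the default filter is removed. It assumes the Bro 2.x logging framework, where an enabled stream raises its event before any filter is applied; `host_hits` is a hypothetical name.

```bro
@load base/protocols/http

# Hypothetical in-memory counter of requests per Host header.
global host_hits: table[string] of count;

event bro_init()
	{
	# The HTTP stream stays enabled, so HTTP::log_http is still raised for
	# every record; with no filter attached, no http.log file is written.
	Log::remove_default_filter(HTTP::LOG);

	# By contrast, Log::disable_stream(HTTP::LOG) turns the whole stream off
	# (assumption stated above), so the handler below would never run.
	}

# A consumer that depends on the stream's event, not on the log file.
event HTTP::log_http(rec: HTTP::Info)
	{
	if ( ! rec?$host )
		return;

	if ( rec$host !in host_hits )
		host_hits[rec$host] = 0;

	++host_hits[rec$host];
	}

event bro_done()
	{
	# Print the totals at shutdown, e.g. after reading a pcap with -r.
	for ( h in host_hits )
		print fmt("%s %d", h, host_hits[h]);
	}
```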