[Bro] is there a bro script to ignore duplicated logs?

MAÁN ABU SHAQRA maanamen at hotmail.com
Thu Oct 4 03:06:22 PDT 2018


We're facing this issue with Bro whereby it's duplicating entries; see below:

1536746459.586520 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746460.343566 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746461.107930 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39011 - maanpc 1 C_INTERNET 32 NB F

1536746466.418528 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746467.176333 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746467.940695 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39013 - maanpc 1 C_INTERNET 32 NB F

1536746473.250630 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746474.010337 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746474.773560 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39017 - maanpc 1 C_INTERNET 32 NB F

1536746452.751762 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F

1536746453.510702 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F

1536746454.275116 CbxxYF1uTyqC499HDe 192.168.20.15 137 10.190.129.26 137 udp 39009 - maanpc 1 C_INTERNET 32 NB F


pf_ring / af_packet didn't help.


Thanks