[Bro] HTTP Log filter
Seth Hall
seth at corelight.com
Fri Sep 28 05:03:55 PDT 2018
On 27 Sep 2018, at 9:56, Rick Chisholm wrote:
> Need to find a way to filter all traffic from a particular user-agent
> so
> that it does not get logged.
>
> Been reading docs and reviewing .bro files, but still kind of
> stumped. Any
> help is greatly appreciated.
In addition to Brandon's suggestion and code snippet (which is totally
the right way to do it!), I'll point you to a blog post I wrote years
ago about log filtering that might help you get a broader perspective on
how Bro does log filtering.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Bro
mailing list