[Bro] HTTP Log filter

Seth Hall seth at corelight.com
Fri Sep 28 05:03:55 PDT 2018



On 27 Sep 2018, at 9:56, Rick Chisholm wrote:

> Need to find a way to filter all traffic from a particular user-agent 
> so
> that it does not get logged.
>
> Been reading docs and reviewing  .bro files, but still kind of 
> stumped. Any
> help is greatly appreciated.

In addition to Brandon's suggestion and code snippet (which is totally 
the right way to do it!), I'll point you to a blog post I wrote years 
ago about log filtering that might help you get a broader perspective on 
how Bro does log filtering.

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com


More information about the Bro mailing list