[Zeek] Not recording SOME dns lookups...
Jason Blakey
j.blakey at rheagroup.com
Mon Aug 12 10:37:15 PDT 2019
Hi all,
I've got a site that i'm running BRO on that is generating TONS of DNS events. About 50% of all log file bytes are DNS related. And most of it is repeated lookup of a single a single domain name.
Is there any way (maybe using restrict_filters, maybe something else) to NOT log these DNS events for this specific hostname? I've done some poking around on google, but nothing's jumping out at me.
Thanks,
jason
<https://www.linkedin.com/company/rheagroup>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190812/cf3e81b1/attachment.html
More information about the Zeek
mailing list