[Zeek] Is it possible to split the Weird.log?
Jorge Garcia Rodriguez
jgarciar at sia.es
Fri Jan 31 03:27:58 PST 2020
Hi everyone,
I have been investigating this matter with no success, and I've decided to send this mail in the hope that some of you could help me.
In 2 of my Zeeks I have a lot of entries in the Weird.log about "bad_HTTP_request"; this generates a lot of traffic that I want to split from the other Weird events before forwarding the events.
Is it possible to send this "bad_HTTP_request" to another custom log like "bad_request.log"?
If the first option is not possible, is it possible to stop generating these events?
Thank you all.
Regards.