[Zeek] Is it possible to split the Weird.log?
Justin Azoff
justin at corelight.com
Fri Jan 31 11:27:07 PST 2020
ap was spot on with the log filters, so I have nothing to add there. I am
wondering about what those weirds are about though. If you do some
reporting on the logs, is it by any chance all coming from the same
client or server or port? It might be something that can be fixed to
not generate these weirds in the first place.
On Fri, Jan 31, 2020 at 6:30 AM Jorge Garcia Rodriguez <jgarciar at sia.es>
wrote:
> Hi everyone,
>
> I have been investigating this matter with no success, and I've decided to
> send this mail in hopes that some of you could help me.
>
> In 2 of my zeeks I have a lot of entries in the Weird.log about
> “bad_HTTP_request”, this generates a lot of traffic that I want to split
> from the other Weird events before forwarding the events.
>
> Is it possible to send this “bad_HTTP_request” to another custom log like
> “bad_request.log”?
>
> If not possible the first option, is it possible to stop generating these
> events?
>
> Thank you all.
>
> Regards.
--
Justin
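
The reporting suggested in the reply above, as an added example that is not part of the original thread: it counts one weird name by client, server and server port to show whether the entries come from a single source. It assumes weird.log is in Zeek's default TSV format with a `#fields` header; the function names and the sample log lines are constructed for illustration.

```python
from collections import Counter

FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "name", "addl", "notice", "peer"]

def _row(n, orig, resp, port, name):
    # Helper that builds one constructed weird.log record.
    return "\t".join([f"1580480000.{n}", f"C{n}", orig, "40000", resp, port,
                      name, "-", "F", "zeek"])

# Constructed sample in Zeek's default TSV layout (not data from the thread).
SAMPLE_WEIRD_LOG = [
    "#separator \\x09",
    "#path\tweird",
    "#fields\t" + "\t".join(FIELDS),
    _row(1, "10.0.0.5", "192.0.2.10", "8080", "bad_HTTP_request"),
    _row(2, "10.0.0.5", "192.0.2.10", "8080", "bad_HTTP_request"),
    _row(3, "10.0.0.5", "192.0.2.10", "8080", "bad_HTTP_request"),
    _row(4, "10.0.0.7", "192.0.2.20", "80", "bad_HTTP_request"),
    _row(5, "10.0.0.9", "192.0.2.53", "53", "dns_unmatched_reply"),
    "#close\t2020-01-31-12-00-00",
]

def read_zeek_tsv(lines):
    """Yield one dict per record, using the #fields header for column names."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("record seen before #fields header")
            yield dict(zip(fields, line.split("\t")))

def summarize_weird(lines, weird_name="bad_HTTP_request", top=3):
    """Count one weird name by client, server and server port."""
    keys = {"client": "id.orig_h", "server": "id.resp_h", "port": "id.resp_p"}
    counts = {label: Counter() for label in keys}
    total = 0
    for rec in read_zeek_tsv(lines):
        if rec.get("name") != weird_name:
            continue
        total += 1
        for label, field in keys.items():
            counts[label][rec.get(field, "-")] += 1
    report = {label: c.most_common(top) for label, c in counts.items()}
    report["total"] = total
    return report

if __name__ == "__main__":
    print(summarize_weird(SAMPLE_WEIRD_LOG))
```

On a sensor, pass an open file handle for the real log instead of the sample list, for example `summarize_weird(open("weird.log"))`.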