I added the following to my local.bro to stop syslog from being logged, and as intended I no longer have a syslog.log:
event bro_init()
    {
    # Turn off the syslog.log output stream.
    Log::disable_stream(Syslog::LOG);
    }
However, I am seeing a large number of entries like the one below in weird.log:
1405648595.773644 Comss94xWJf5CHpgnl 10.1.2.72 54619 10.21.0.23 514 binpac exception: string mismatch at /bro-2.3/src/analyzer/protocol/syslog/syslog-protocol.pac:8: \x0aexpected pattern: "[[:digit:]]+"\x0aactual data: "syslog message here" - F bro
My start line:
/usr/local/bin/bro --no-checksums -i eth0 local "Site::local_nets += { 192.168.1.0/24 }"
Is there a way I can troubleshoot this? Thank you.
James
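One thing to try, as an added example that is not part of James's post: Log::disable_stream only stops Bro from writing syslog.log; the syslog analyzer is still attached to UDP/514 connections and still parses every message, so non-RFC-formatted payloads keep raising binpac exceptions into weird.log. Disabling the analyzer itself in local.bro (assuming Bro 2.2+ with the analyzer framework's Analyzer::disable_analyzer and the Analyzer::ANALYZER_SYSLOG tag) stops the parsing as well:

```bro
# Added example, not from the original post. Assumes Bro 2.2+/2.3, where
# the analyzer framework exposes Analyzer::disable_analyzer() and the
# Analyzer::ANALYZER_SYSLOG tag.
event bro_init()
    {
    # Stop writing syslog.log. On its own this does not stop the parser.
    Log::disable_stream(Syslog::LOG);

    # Detach the syslog analyzer entirely, so traffic on UDP/514 is no
    # longer run through syslog-protocol.pac and cannot produce the
    # "binpac exception: string mismatch" weirds seen above.
    Analyzer::disable_analyzer(Analyzer::ANALYZER_SYSLOG);
    }
```

If the syslog records are actually wanted and only the noise is not, the weird framework's Weird::actions table (base/frameworks/notice/weird.bro) can map "binpac_exception" to Weird::ACTION_IGNORE instead, but that silences binpac exceptions from every analyzer, not just syslog, which hides genuine parser problems on other ports.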