Disable Base script

Ward_Sladek · December 24, 2013, 6:50pm

What is the best practice for disabling a Base script? For example, I would like to disable syslog monitoring all together. I have included the following in my local.bro:

event bro_init()
{
Log::disable_stream(Syslog::LOG);
}

This disables the logging of syslog messages, but does it prevent Bro from loading the base/protocols/syslog scripts? If not, what is the best practice for doing so? I’m trying to tune/tweak bro for best performance.

Siwek_Jon · January 6, 2014, 7:29pm

For command-line usage, `bro -b` or `bro —bare-mode` prevents base/init-default.bro and the scripts it references from being loaded by default. From there, you can pick and choose freely.

For BroControl usage, I presume that setting “BroArgs = -b” in broctl.cfg and pruning site/local.bro as desired would work.

- Jon

Topic		Replies	Views
Disabling logs from loaded scripts Zeek	3	183	May 6, 2022
Properly disabling certain rules Zeek	5	88	May 6, 2022
Limiting the number of scripts and log files bro uses ? Zeek	7	109	May 6, 2022
Hui Lin_How to disable some default log option Development development	3	96	May 6, 2022
Disable broctl port-terminate script Zeek	2	143	May 6, 2022

Disable Base script

Related topics