I have disabled the Log Stream for HTTP :
event bro_init()
{
Log::disable_stream(HTTP::LOG);
}
But i want scripts using HTTP protocol to work e.g https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro
Is there any other way to do it ?
Hi,
Using
Log::remove_default_filter(HTTP::LOG);
instead of disable_stream should do what you want.
Hi i did change it but no logs regarding http are produced like https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro or https://github.com/BrashEndeavours/bro-scripts/blob/master/http_entropy.bro .
Στις Τετ, 21 Νοε 2018 στις 11:03 μ.μ., ο/η Azoff, Justin S <jazoff@illinois.edu> έγραψε:
Indeed, scripts you’re showing depend on the log streams you just disabled.
So there is no way to disable specific logs but still use the analyzers in the script ? The scripts are reading the actual logs and needed from them to work ?
Στις Πέμ, 22 Νοε 2018 στις 10:58 π.μ., ο/η Michał Purzyński <michalpurzynski1@gmail.com> έγραψε:
Read my response again…
Using Log::remove_default_filter does what you want. You used remove_stream which is something different.
Yes you are correct it works ! Thanks a lot
