I have disabled the Log Stream for HTTP :
event bro_init()
{
Log::disable_stream(HTTP::LOG);
}
But i want scripts using HTTP protocol to work e.g https://raw.githubusercontent.com/sethhall/bro-scripts/master/top-websites.bro
Is there any other way to do it ?
Hi,
Using
Log::remove_default_filter(HTTP::LOG);
instead of disable_stream should do what you want.
Indeed, scripts you’re showing depend on the log streams you just disabled.
So there is no way to disable specific logs but still use the analyzers in the script ? The scripts are reading the actual logs and needed from them to work ?
Στις Πέμ, 22 Νοε 2018 στις 10:58 π.μ., ο/η Michał Purzyński <michalpurzynski1@gmail.com> έγραψε:
Read my response again…
Using Log::remove_default_filter does what you want. You used remove_stream which is something different.
Yes you are correct it works ! Thanks a lot