We are running Bro 0.9a8.14 on our Linux system. We notice that
/ is often 100% full because of huge /var/log/messages, which
seems filled with the Bro alerts that are also recorded in its
own alarm log file.
Is there any way to turn off logging those Bro alerts via syslog? If
not, would we be missing any Bro alerts if we delete /var/log/messages?
Thanks!
Jaeyeon