Logging filter for Bro

MILLER_BRAD_L · July 27, 2015, 8:56pm

Sorry for the basic nature of this question but I seem stuck at a simple bro modification.

I intend to write a bro filter that is outlined here: http://blog.bro.org/2012/02/filtering-logs-with-bro.html (splitting DNS logs), and I have all the parameters I need. However, I am stuck on the actual execution of where and how to put the filter in place. While the article is helpful, I am not sure how to implement the logging filter. Is it just a bro script to be invoked via local.bro?

Brad

MILLER_BRAD_L · July 27, 2015, 9:11pm

Actually… answered my own question by just adding the code directly to local.bro. It works!

Gary_Faulkner1 · July 28, 2015, 2:52am

You could also create a new script and place it under /share/bro/site/ and then add an @load statement to local.bro.

Topic		Replies	Views
Tuning Bro Zeek	2	60	May 6, 2022
Question: using Log Filter Framework Zeek	3	73	May 6, 2022
Changing logging defaults Zeek	2	86	May 6, 2022
Not recording SOME dns lookups... Zeek	2	110	May 6, 2022
dns.bro Development development	8	80	May 6, 2022

Logging filter for Bro

Related Topics