outputting only a single log

Cody_Shepherd · April 25, 2016, 11:31pm

Hi there,

Do you have a brief set of instructions for how to have a command like bro --iface output only one of the default logs? E.g. the conn.log.

Matthias_Vallentin1 · April 26, 2016, 2:43am

Do you have a brief set of instructions for how to have a command like
bro --iface <interface> output only one of the default logs? E.g. the
conn.log.

Per the similar stackoverflow post [1], you can do this with:

bro -i <interface> -b base/protocols/conn

The flag -b runs Bro in "bare mode." This disables all default scripts.
You can then manually turn on only the scripts you need.

Matthias

[1] security - Bro: Log only one stream - Stack Overflow

Topic		Replies	Views
minimal bro Zeek	6	65	May 6, 2022
changing log output Zeek	3	85	May 6, 2022
Hui Lin_How to disable some default log option Development development	3	64	May 6, 2022
Hui Lin_Bro disable log stream is not working? Zeek	2	51	May 6, 2022
Disabling logs from loaded scripts Zeek	3	91	May 6, 2022

outputting only a single log

Related Topics