Team,
So...after upgrading to Bro 2.3, syslog and ssl have returned, which I do not want to see. I commented them out in init-default.bro, which is not the right way to go I know. How can I disable these in my local.bro? Thank you.
James
Team,
So...after upgrading to Bro 2.3, syslog and ssl have returned, which I do not want to see. I commented them out in init-default.bro, which is not the right way to go I know. How can I disable these in my local.bro? Thank you.
James
Heh...got it already:
event bro_init()
{
Log::disable_stream(Syslog::LOG);
}
Thanks all.
James
Hi James,
Just as a matter of terminology, these aren't rules, but analyzers.
Try something like this to your local.bro:
event bro_init() {
Analyzer::disable_analyzer(Analyzer::ANALYZER_SSL);
Analyzer::disable_analyzer(Analyzer::ANALYZER_SYSLOG);
}
--Vlad
Thanks for the clarification Vlad...helps if I at least SOUND like I know what I'm talking about
James