log-filters

https://github.com/hosom/log-filters
1 1 1 0 Last Push 8/10/17, 10:52 PM

log-filters

Common log filters for Bro IDS

This is a Bro package that provides commonly requested log filters. These filters either modify or prevent the logging of events or records.

Installing with bro-pkg (preferred)

This package can be installed through the bro package manager by utilizing the following commands:

bro-pkg install bro/hosom/log-filters

# you must separately load the package for it to actually do anything
bro-pkg load bro/hosom/log-filters

Configuration

The package installs with no log filters configured, however, log filters can be defined and loaded safely within config.bro.

The filters are described below.

Provided Filters

whitelist-analyzers-fileslog.bro

A filter that restricts the files.log to only files that have a specified file analyzer attached to them.

Configuration

To load this filter, add the following line to your config.bro:

@load filters/whitelist-analyzers-fileslog

To whitelist an analyzer, redef the set logged_file_analyzers.

whitelist-mimetypes-fileslog.bro

A filter that restricts the files.log to only files that have a specified file mimetype detected.

Configuration

To load this filter, add the following line to your config.bro:

@load filters/whitelist-mimetypes-fileslog

To whitelist a mimetype, redef the set logged_file_mimetypes.

Package Version :

Description :

Implement common log filters.

Script Dir :

scripts

Config Files :

scripts/config.bro

Depends :

bro >=2.5.0

Tags :

logging, log framework

Package Checks :

License:
Info:
Found license 'LICENSE'
Readme:
Info:
Found readme 'README.md'
Build Command:
Bad Extension:
Expensive Events:
Unsafe Functions:
Charset: