Excluding attributes from log files #1509
Answered
by
jsiwek
etiennevandebijl
asked this question in
Help
-
Is there a way to exclude (optional) attributes from the log files when using zeek -r file.pcap ? |
Beta Was this translation helpful? Give feedback.
Answered by
jsiwek
Apr 19, 2021
Replies: 1 comment
-
A logging filter should be able to help with that: event zeek_init()
{
Log::remove_default_filter(SSH::LOG);
Log::add_filter(SSH::LOG, [$name="my-filter", $exclude=set("host_key")]);
} More info about filters at these places in case it helps you find anything interesting: |
Beta Was this translation helpful? Give feedback.
0 replies
Answer selected by
etiennevandebijl
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A logging filter should be able to help with that:
More info about filters at these places in case it helps you find anything interesting: