activecm/docker-zeek

Template for disabling logs

Opened this issue · 0 comments

Maybe create a commented out block in the local.zeek file that lists all logs. Then you can uncomment the logs to disable.

```zeek
event zeek_init()
    {
    # Uncommented line: the syslog log stream is disabled and syslog.log is no longer written.
    Log::disable_stream(Syslog::LOG);
    }
```

In the zeek source code you can find the names of the logs with:

```sh
grep -R -F 'Log::create_stream(' scripts/
```

References:

Barnyard2::LOG
Broker::LOG
Cluster::LOG
Conn::LOG
DCE_RPC::LOG
DHCP::LOG
DNP3::LOG
DNS::LOG
DPD::LOG
Files::LOG
FTP::LOG
HTTP::LOG
IRC::LOG
Known::CERTS_LOG
Known::HOSTS_LOG
Known::MODBUS_LOG
Known::SERVICES_LOG
KRB::LOG
LoadedScripts::LOG
LOG
Modbus::LOG
Modbus::REGISTER_CHANGE_LOG
MQTT::CONNECT_LOG
MQTT::PUBLISH_LOG
MQTT::SUBSCRIBE_LOG
mysql::LOG
NetControl::DROP_LOG
NetControl::LOG
Notice::ALARM_LOG
Notice::LOG
NTLM::LOG
NTP::LOG
OpenFlow::LOG
PacketFilter::LOG
PRINTLOG
RADIUS::LOG
RDP::LOG
Reporter::LOG
RFB::LOG
Signatures::LOG
SIP::LOG
SMB::CMD_LOG
SMB::FILES_LOG
SMB::MAPPING_LOG
SMTP::LOG
SNMP::LOG
SOCKS::LOG
Software::LOG
SSH::LOG
SSL::LOG
Stats::LOG
Syslog::LOG
Traceroute::LOG
Tunnel::LOG
Unified2::LOG
Weird::LOG
WeirdStats::LOG
X509::LOG
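One way to turn the grep command above into the template the issue asks for, as an added example that is not part of the docker-zeek project or this issue: the script reads `grep -R -F 'Log::create_stream(' scripts/` output (one `path:matched line` per line, the GNU grep format on Linux), extracts the stream id passed as the first argument, and emits a `zeek_init` block in which every `Log::disable_stream()` call is commented out, each tagged with the script it came from. Stream ids that appear unqualified in the grep output (the bare `LOG` and `PRINTLOG` entries in the list above come from scripts that declare a `module` and then name the id without the prefix) are flagged with a FIXME rather than guessed, because the module name is not on the grep line. The sample grep output embedded in the script is constructed for the demonstration; the file paths in it are illustrative, not a claim about the Zeek source tree.

```python
"""Generate a commented-out Log::disable_stream() template for local.zeek.

Added example for the docker-zeek issue; not project code. Input is the output
of `grep -R -F 'Log::create_stream(' scripts/`, read from a file or stdin.
"""
import re
import sys

# First argument of Log::create_stream(...): an identifier, optionally
# qualified with a module name (Foo::BAR_LOG). Ids built at runtime or
# spelled across lines are missed, which is the same limitation the grep has.
_STREAM_RE = re.compile(
    r"Log::create_stream\(\s*([A-Za-z_][A-Za-z0-9_]*(?:::[A-Za-z_][A-Za-z0-9_]*)?)"
)

# Constructed sample of grep -R output (paths are illustrative, not verified
# against a Zeek checkout). The last line shows the unqualified-id case.
SAMPLE_GREP_OUTPUT = """\
scripts/base/protocols/syslog/main.zeek:\tLog::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]);
scripts/base/protocols/conn/main.zeek:\tLog::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]);
scripts/base/protocols/smb/main.zeek:\tLog::create_stream(SMB::FILES_LOG, [$columns=FileInfo, $path="smb_files"]);
scripts/example/some-module.zeek:\tLog::create_stream(LOG, [$columns=Info, $path="example"]);
"""


def parse_grep_output(text):
    """Return a list of (stream_id, source_path), sorted case-insensitively.

    Each grep line is `path:<matched source line>`. Lines with no parseable
    stream id are skipped; a stream seen twice keeps its first path.
    """
    seen = {}
    for line in text.splitlines():
        path, sep, rest = line.partition(":")
        if not sep:
            continue
        match = _STREAM_RE.search(rest)
        if not match:
            continue
        seen.setdefault(match.group(1), path)
    return sorted(seen.items(), key=lambda item: item[0].lower())


def render_template(streams):
    """Render a zeek_init block with every disable_stream call commented out."""
    lines = [
        "# Uncomment a line below to disable that log stream.",
        "# Generated from: grep -R -F 'Log::create_stream(' scripts/",
        "event zeek_init()",
        "    {",
    ]
    for stream_id, path in streams:
        if "::" not in stream_id:
            # The grep line only shows the bare id; the enclosing `module` name
            # must be read from the script before this line is usable.
            lines.append(
                f"    # FIXME: bare id '{stream_id}' in {path};"
                " prefix it with that script's module name before uncommenting"
            )
            lines.append(f"    # Log::disable_stream({stream_id});")
        else:
            # The trailing comment survives uncommenting; Zeek comments use '#'.
            lines.append(f"    # Log::disable_stream({stream_id});  # {path}")
    lines.append("    }")
    return "\n".join(lines) + "\n"


def main(argv):
    # Usage: grep -R -F 'Log::create_stream(' scripts/ | python3 gen_disable_template.py
    #    or: python3 gen_disable_template.py grep-output.txt
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as handle:
            text = handle.read()
    elif not sys.stdin.isatty():
        text = sys.stdin.read()
    else:
        text = SAMPLE_GREP_OUTPUT
    sys.stdout.write(render_template(parse_grep_output(text)))


if __name__ == "__main__":
    main(sys.argv)
```

Run with no input to see the template built from the embedded sample; pipe the real grep output in to build one for the Zeek version actually deployed in the container, so the block tracks the streams that version defines rather than a hand-maintained list.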