Created August 14, 2017 21:35
filter_noise_dns.bro
```bro
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# Contributor(s):
# Michal Purzynski [email protected]
#

module LogFilter;

event bro_init()
	{
	# Replace the default DNS filter so every record goes through path_func below.
	Log::remove_default_filter(DNS::LOG);

	Log::add_filter(DNS::LOG, [$name = "dns-noise",
		# Route queries for known high-volume domains to the "dns-noise" path;
		# everything else (including records with no query) stays in "dns".
		# Dots are escaped so they match a literal "." only.
		# The pattern is a suffix match with no label boundary, so a name such as
		# "notgithub.io" is also written to the "dns-noise" path.
		$path_func(id: Log::ID, path: string, rec: DNS::Info) = {
			return (rec?$query && /mozilla\.(org|net|com)$|newrelic\.com$|github\.(io|com)$|allizom\.org$/ in rec$query) ? "dns-noise" : "dns";
		}]);
	}
```