Setup: disable Bro syslog.log by default in Production Mode #1457

Closed
dougburks opened this Issue Feb 19, 2019 · 3 comments

dougburks commented Feb 19, 2019

No description provided.

wdpless commented Feb 19, 2019

Is that where our external devices are sending our logs?

dougburks commented Feb 19, 2019

As Bro is monitoring your network traffic, if it sees cleartext syslog traffic, it will log that to its syslog.log file as if it were the actual syslog collector. Most networks have syslog traffic on them and this can be quite voluminous. Many folks find that this duplication of syslog wastes disk space and processing power, so we are considering disabling it by default. Folks could still enable if they choose to do so.

@dougburks dougburks changed the title Consider disabling Bro syslog.log by default Disable Bro syslog.log by default Feb 23, 2019

dougburks added a commit to Security-Onion-Solutions/securityonion-elastic that referenced this issue Feb 23, 2019

@dougburks dougburks added this to To do in 16.04.6.1 via automation Feb 23, 2019

@dougburks dougburks changed the title Disable Bro syslog.log by default securityonion-elastic: disable Bro syslog.log by default Feb 23, 2019

@dougburks dougburks moved this from To do to In progress in 16.04.6.1 Feb 23, 2019

@dougburks dougburks self-assigned this Feb 23, 2019

@dougburks dougburks changed the title securityonion-elastic: disable Bro syslog.log by default disable Bro syslog.log by default Feb 23, 2019

@dougburks dougburks changed the title disable Bro syslog.log by default Setup: disable Bro syslog.log by default Feb 23, 2019

dougburks added a commit to Security-Onion-Solutions/securityonion-setup that referenced this issue Feb 23, 2019

@dougburks dougburks moved this from In progress to In Testing in 16.04.6.1 Feb 23, 2019

dougburks added a commit to Security-Onion-Solutions/securityonion-setup that referenced this issue Feb 23, 2019

@dougburks dougburks changed the title Setup: disable Bro syslog.log by default Setup: disable Bro syslog.log by default in Production Mode Feb 23, 2019

@dougburks dougburks closed this Feb 26, 2019

16.04.6.1 automation moved this from In Testing to Done Feb 26, 2019
