From 62c1bb2c0cd718b31f666868916baf59dec9bb49 Mon Sep 17 00:00:00 2001
From: doug
Date: Fri, 25 Nov 2022 18:01:53 -0500
Subject: [PATCH] disable ecat_arp_info since it records all arp traffic
---
 setup/so-functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup/so-functions b/setup/so-functions
index 20cf7b285..375e30a73 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2996,7 +2996,6 @@ zeek_logs_enabled() {
 " - cotp"\
 " - dnp3_objects"\
 " - ecat_aoe_info"\
- " - ecat_arp_info"\
 " - ecat_coe_info"\
 " - ecat_dev_info"\
 " - ecat_foe_info"\
@@ -3045,6 +3044,7 @@ zeek_logs_enabled() {
 " - tds_rpc"\
 " - tds_sql_batch"\
 " - wireguard" >> "$zeeklogs_pillar"
+ # In the above list, ecat_arp_info was removed because it's not specific to ecat and records all arp traffic.
 fi
 # We don't want Zeek syslog for production deployments as this can create duplicate logs.