disable ecat_arp_info since it records all arp traffic

doug
2022-11-25 18:01:53 -05:00
parent 692ec05b2d
commit 62c1bb2c0c


@@ -2996,7 +2996,6 @@ zeek_logs_enabled() {
" - cotp"\ " - cotp"\
" - dnp3_objects"\ " - dnp3_objects"\
" - ecat_aoe_info"\ " - ecat_aoe_info"\
" - ecat_arp_info"\
" - ecat_coe_info"\ " - ecat_coe_info"\
" - ecat_dev_info"\ " - ecat_dev_info"\
" - ecat_foe_info"\ " - ecat_foe_info"\
@@ -3045,6 +3044,7 @@ zeek_logs_enabled() {
" - tds_rpc"\ " - tds_rpc"\
" - tds_sql_batch"\ " - tds_sql_batch"\
" - wireguard" >> "$zeeklogs_pillar" " - wireguard" >> "$zeeklogs_pillar"
# In the above list, ecat_arp_info was removed because it's not specific to ecat and records all arp traffic.
fi fi
# We don't want Zeek syslog for production deployments as this can create duplicate logs. # We don't want Zeek syslog for production deployments as this can create duplicate logs.
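Review bot: Dropping `ecat_arp_info` in the first hunk only changes the list that is appended to `$zeeklogs_pillar` with `>>`, so a pillar file that was already generated presumably still carries the entry and keeps recording all ARP traffic. Nothing visible in this commit touches existing pillars; if that reading is right, existing deployments need an upgrade step or a release note. The comment added after the list in the second hunk could also state what visibility is given up and how to restore it, for example `# ecat_arp_info is left out by default: it logs all ARP traffic, not only EtherCAT. Re-add it to the enabled list if ARP visibility (e.g. for spotting ARP spoofing) is wanted.` The body of zeek_logs_enabled() begins and ends outside both hunks, so how the list is consumed cannot be checked from here.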