disable ecat_arp_info since it records all arp traffic

2025-12-06 09:12:45 +01:00 · 2022-11-25 18:01:53 -05:00
parent 692ec05b2d
commit 62c1bb2c0c
1 changed files with 1 additions and 1 deletions
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2996,7 +2996,6 @@ zeek_logs_enabled() {
                        "    - cotp"\
 			"    - dnp3_objects"\
 			"    - ecat_aoe_info"\
-                        "    - ecat_arp_info"\
                        "    - ecat_coe_info"\
                        "    - ecat_dev_info"\
                        "    - ecat_foe_info"\
@@ -3045,6 +3044,7 @@ zeek_logs_enabled() {
 			"    - tds_rpc"\
 			"    - tds_sql_batch"\
 			"    - wireguard" >> "$zeeklogs_pillar"
+		# In the above list, ecat_arp_info was removed because it's not specific to ecat and records all arp traffic.
 	fi
 	
 	# We don't want Zeek syslog for production deployments as this can create duplicate logs.