[Bro-Dev] DHCP event removal
Seth Hall
seth at corelight.com
Tue Jun 19 10:55:47 PDT 2018
On 18 Jun 2018, at 15:09, Alan Commike wrote:
> With the default TSV, any change can break export into the various
> back-end log stores and SIEMs. When adding new fields, it would be
> nice to see them added to the end of the Info structure.
This was a complete rework on the logs and scripts so the structure is
completely different. Unfortunately it wasn't just one of the cases
where a field or two was added.
I don't think that assuming the order of fields is ever a safe
assumption. It's why we shipped a version of bro-cut with Bro 2.0. We
wanted to encourage people to refer to fields by the field name rather
than the ordinal position of the field.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the bro-dev
mailing list