[Bro] identifying bro peers

Seth Hall hall.692 at osu.edu
Wed Oct 15 18:39:52 PDT 2008

On Oct 15, 2008, at 8:23 PM, mel wrote:

> When another Bro is receiving events from a Bro peer, is there any way
> to add the peer's name/identifier into the log file?

The peer_description variable is what you're looking for and the  
prefixed_id function which helps with using it.

# Prepend the peer description, if set.
function prefixed_id(id: count): string
         if ( peer_description == "" )
                 return fmt("%s", id);
                 return cat(peer_description, "-", id);

You give it a "count" and it will prepend the name of the peer where  
the currently handled event originated.


Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

More information about the Bro mailing list