[Bro] Log filtering a field re-ordering
ehoward at bbg.gov
Thu Feb 26 10:26:27 PST 2015
Hi all, I have followed the instructions contained in https://www.bro.org/sphinx-git/frameworks/logging.html#filtering to create a new field output. I have noticed that the fields you choose to include cannot be re-ordered for display. For example, if I put the 'ts' field in the first position like this:
local filter: Log::Filter = [$name="orig-only", $path="origs", $include=set("id.orig_h","ts")];
the record displays with it in the first position. I assume this is because the include set is just a toggle that does not affect display order which is based on the field position in INFO. How do I re-order the fields for display? Is this done in the writer?
-- Eric --
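
Added example, not part of the original message and not Bro's own code: one way to get a chosen column order is to rewrite the ASCII (tab-separated) log after Bro has written it, keeping the `#fields` and `#types` header lines consistent with the data rows. The function name `reorder_bro_log` and the sample log are constructed for illustration.

```python
# Constructed sample of a Bro ASCII log produced by a filter with path "origs".
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#path\torigs\n"
    "#fields\tts\tid.orig_h\n"
    "#types\ttime\taddr\n"
    "1424975187.000000\t192.0.2.10\n"
    "1424975188.500000\t192.0.2.11\n"
    "#close\t2015-02-26-10-26-30\n"
)


def reorder_bro_log(text, wanted):
    """Return the log text with its columns arranged in the order of `wanted`.

    `wanted` is a list of field names taken from the log's #fields line.
    The #fields and #types header lines are rewritten to match the new order;
    every other header line is passed through unchanged.
    """
    out, names, index = [], None, None
    for line in text.splitlines():
        cols = line.split("\t")
        if cols[0] == "#fields":
            names = cols[1:]
            missing = [f for f in wanted if f not in names]
            if missing:
                raise ValueError("fields not in log: " + ", ".join(missing))
            index = [names.index(f) for f in wanted]
            out.append("\t".join(["#fields"] + list(wanted)))
        elif cols[0] == "#types":
            if index is None:
                raise ValueError("#types line seen before #fields")
            out.append("\t".join(["#types"] + [cols[1:][i] for i in index]))
        elif line.startswith("#"):
            out.append(line)  # other metadata such as #path, #open, #close
        else:
            if index is None:
                raise ValueError("data row seen before #fields")
            if len(cols) != len(names):
                raise ValueError("row does not match #fields: " + line)
            out.append("\t".join(cols[i] for i in index))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(reorder_bro_log(SAMPLE_LOG, ["id.orig_h", "ts"]), end="")
```

Passing a subset of the field names drops the other columns as well as reordering the ones that remain.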