[Bro] How to modify dns.log
seth at icir.org
Fri Jan 23 09:11:41 PST 2015
> On Jan 23, 2015, at 8:43 AM, fasf safas <silusilusilu at gmail.com> wrote:
> For dns.log, which event should be called?
The event should should handle is the one that has the data you’re basing your condition (in your example) off of. The log events are too late. The data is already set and gone at that point. I think there might be some justification for turning those log events into hooks so you could actually modify it in place before it’s actually logged (we’ll discuss this internally).
What is the condition you’re working with in your dns log?
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro