[Bro] How remove or redefine a field in a log?
Luis Miguel Silva
luismiguelferreirasilva at gmail.com
Thu Jan 29 09:36:14 PST 2015
I'm brand new to bro so I apologize if this isn't a good suggestion...
But as I was reading the documentation, I came across this which might help
you with what you need:
It doesn't redefine an existing field but it allows you to, at least,
append to it!
As for removing an existing field, just looking at the example on how to EXTEND
logging <https://www.bro.org/development/logging.html#extending> (which
basically adds an element to the Conn::Info array), couldn't we do
something like this?
On Thu, Jan 29, 2015 at 9:56 AM, Vito Logrillo <vitologrillo at gmail.com>
> is it possible to remove or redefine an existing field in a log?
> For example, if i want to remove only the field
> local_orig: bool &log &optional;
> in conn.log, how can i do it?
> And if i want to redefine it in this way:
> local_orig: string &optional &log;
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro