[Bro] How remove or redefine a field in a log?

Luis Miguel Silva luismiguelferreirasilva at gmail.com
Thu Jan 29 09:36:14 PST 2015


I'm brand new to bro so I apologize if this isn't a good suggestion...

But as I was reading the documentation, I came across this which might help
you with what you need:

It doesn't redefine an existing field but it allows you to, at least,
append to it!

As for removing an existing field, just looking at the example on how to EXTEND
logging <https://www.bro.org/development/logging.html#extending> (which
basically adds an element to the Conn::Info array), couldn't we do
something like this?
*delete Conn::Info['field']*


On Thu, Jan 29, 2015 at 9:56 AM, Vito Logrillo <vitologrillo at gmail.com>

> Hi,
> is it possible to remove or redefine an existing field in a log?
> For example, if i want to remove only the field
> local_orig: bool &log &optional;
> in conn.log, how can i do it?
> And if i want to redefine it in this way:
> local_orig: string &optional &log;
> ??
> Thanks,
> Vito
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150129/77114dc6/attachment.html 

More information about the Bro mailing list