[Bro] bro 2.5 . How to get meta fields on intel.log
giedrius.ramas at gmail.com
Thu Feb 23 06:34:55 PST 2017
Got it working.
On Thu, Feb 23, 2017 at 3:12 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
> > How can we get those Bro extensions for Bro 2.4 working on Bro 2.5?
> > Currently I get errors:
> > ...
> > line 20: Duplicate identifier documentation: Intel::extend_match
> The intel framework has been reworked for 2.5 and includes a similar
> extension mechanism (a hook instead of an event). The following blog
> entry goes into details:
> > Or the question is how to get meta fields in the Bro intel.log?
> You can use the extension mechanisms included but keep in mind that each
> hit might be associated with multiple indicators and each indicator
> might be associated with multiple meta data records.
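The extension mechanism described in the quoted reply, as an added example that is not part of the original thread: a Bro 2.5 script that uses the `Intel::extend_match` hook to copy meta fields into intel.log. The log field names `descs` and `urls` are assumptions chosen for illustration; both are sets because one hit can match several items, each carrying its own meta data record.

```bro
# Added example (not from the thread). Assumes Bro 2.5's reworked intel
# framework and an intel file that fills the meta.desc / meta.url columns.
@load base/frameworks/intel

# Extend the intel.log record. Field names are illustrative assumptions.
redef record Intel::Info += {
	## meta.desc of every intel item that contributed to this hit.
	descs: set[string] &optional &log;
	## meta.url of every intel item that contributed to this hit.
	urls: set[string] &optional &log;
};

# In 2.5 the extension point is a hook rather than an event, so adding a
# handler does not collide with the framework's own identifier.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen,
                         items: set[Intel::Item])
	{
	# One hit may be backed by several items (same indicator loaded from
	# several sources), so collect values instead of overwriting them.
	for ( item in items )
		{
		if ( item$meta?$desc )
			{
			if ( ! info?$descs )
				info$descs = set();
			add info$descs[item$meta$desc];
			}

		if ( item$meta?$url )
			{
			if ( ! info?$urls )
				info$urls = set();
			add info$urls[item$meta$url];
			}
		}
	}
```

Load the script from local.bro alongside the intel file configuration; hits whose items carry no desc or url leave the new columns unset.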