[Bro] Adding dns entry to bro logs
kmidwinter at exoendo.com
Wed Jul 26 06:38:02 PDT 2017
I am using Bro internally on a network that uses DHCP to assign IP addresses, so if I want to investigate something that happened yesterday, then doing an nslookup today won't tell me what host it was assigned to at the time the log was created. So is there a way to do an nslookup at the time of log creation and add it to the logs?
I did some googling and found a reference to extending the log format and running scripts, but it wasn't enough for me to figure it out.