[Bro-Dev] $tag in notice_info
Gregor Maier
gregor at icir.org
Mon Mar 7 18:00:43 PST 2011
On 3/7/11 17:27, Seth Hall wrote:
>
> On Mar 7, 2011, at 5:58 PM, Gregor Maier wrote:
>
>> ... hmm. This actually reminds me about our discussion about having
>> unique connection IDs (e.g., 64bit ints) in bro, that can then be used
>> to locate a connection across log files.
>
>
> Oh yeah. What's your thought on this? Would you like to have that value print out along with the IP addresses and ports with the connection log and other logs?
I do!
My thinking is that I find something interesting in one of the logfiles
(e.g., http.log, alarm.log, conn.log, whatever) and now I want to look
up the connection responsible for that log-entry in other log files.
Using such an ID I could just grep for it (assuming text based logs,
but it should apply similarly to binary logs).
cu
gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/
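The cross-log lookup Gregor describes, as an added example (not code from the thread or from Bro itself). It assumes tab-separated logs with a `#fields` header and a per-connection ID column named `uid`; the three sample logs are constructed for the demonstration.

```python
"""Locate one connection across several Bro-style log files by its unique ID.
Assumed format: tab-separated records under a '#fields' header, each carrying
the connection ID in a 'uid' column. Sample data below is constructed."""
from collections import defaultdict

# Constructed sample logs (not real captures); one uid ties records together.
CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1299549643.10\tCAbc123\t10.0.0.5\t51234\t198.51.100.7\t80\ttcp
1299549644.20\tCDef456\t10.0.0.6\t51235\t198.51.100.8\t443\ttcp
"""
HTTP_LOG = """#fields\tts\tuid\tmethod\thost\turi\tstatus_code
1299549643.15\tCAbc123\tGET\texample.test\t/index.html\t200
"""
NOTICE_LOG = """#fields\tts\tuid\tnote\tmsg
1299549643.30\tCAbc123\tHTTP::Suspicious_UA\tconstructed sample notice
1299549644.50\tCDef456\tConn::Long_Duration\tconstructed sample notice
"""


def parse_log(text):
    """Parse a '#fields'-headed tab-separated log into a list of dicts;
    other '#' lines (separator, path, close) are skipped."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            records.append(dict(zip(fields, line.split("\t"))))
    return records


def index_by_uid(logs):
    """Build uid -> {log name: [records]} across all logs, so an ID found in
    any one file (http, notice, conn, ...) locates the connection in the rest."""
    index = defaultdict(lambda: defaultdict(list))
    for name, text in logs.items():
        for rec in parse_log(text):
            index[rec["uid"]][name].append(rec)
    return index


def lookup(uid, logs):
    """Every record, from every log, belonging to one connection ({} if none)."""
    return dict(index_by_uid(logs)[uid])


if __name__ == "__main__":
    logs = {"conn": CONN_LOG, "http": HTTP_LOG, "notice": NOTICE_LOG}
    for name, recs in lookup("CAbc123", logs).items():
        print(name, recs)
```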