[Bro-Dev] $tag in notice_info
Gregor Maier
gregor at icir.org
Tue Mar 8 08:01:53 PST 2011
On 3/8/11 0:33 , Vern Paxson wrote:
>> I'm actually not sure how helpful having the tag is, I don't think
>> I've ever used the tag but always grep for the 4-tuple right away.
>
> Hmmm, I think I not-uncommonly grep on the tag to map from a notice.log
> entry to a conn.log entry, unless I'm missing some context here.
For notices that's true.
I would like to have the same / a similar mechanism for other log files
(e.g., http.log) as well.
cu
gregor
--
Gregor Maier
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
http://www.icir.org/gregor/