[Bro-Dev] $tag in notice_info
seth at icir.org
Tue Mar 8 08:14:00 PST 2011
On Mar 8, 2011, at 11:01 AM, Gregor Maier wrote:
> For notices that's true.
> I would like to have the same / a similar mechanism for other log files
> (e.g., http.log) as well.
That's what I'm working towards. I'm not too concerned about disk space so I was thinking of just including the identifier alongside the connection 4-tuple in every log. It would actually be kind of nice. If someone is particularly concerned about disk space issues in their environment, they'd be able to reconfigure the logging framework locally to either not include the 4-tuple or not include the connection identifier (or include neither if they're crazy).
International Computer Science Institute
(Bro) because everyone has a network