[Bro-Dev] [JIRA] (BIT-1145) Individual set_separator for different feeds

aashish (JIRA) jira at bro-tracker.atlassian.net
Tue Mar 4 15:11:18 PST 2014


aashish created BIT-1145:
----------------------------

             Summary: Individual set_separator for different feeds
                 Key: BIT-1145
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1145
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
    Affects Versions: 2.3
            Reporter: aashish


Can we assign an individual set_separator per feed?

Why?

Various data feeds from different sources have their own field separators.

We need to post-process these feeds in order to digest the data into Bro using the input framework; this creates a need to have two-tiered storage for each of the data feeds (original data + re-formatted data for the input framework).

At present the workaround is to basically format all data feeds to use the intel framework, and this works very well. There are still useful needs to have data feeds outside the intel framework, for example digesting a list of subnets + building allocations in the network, or digesting auth data, and so on.
