[Bro-Dev] Broker data layouts
Jon Siwek
jsiwek at corelight.com
Tue Aug 21 12:05:07 PDT 2018
On Tue, Aug 21, 2018 at 1:09 PM Robin Sommer <robin at corelight.com> wrote:
> Also, this question is about events, not logs, right? Logs have a
> different wire format and they actually come with meta data describing
> their columns.
Though the Broker data corresponding to log entry content is also
opaque at the moment (I recall that was maybe for performance or
message volume optimization), but I suppose same reasoning as before
could apply: this info is internal to Bro operation unless one wants
to explicitly re-publish it via their own event for external
consumption.
- Jon
More information about the bro-dev
mailing list