[Zeek-Dev] Bro 2.5.4
Seth Hall
seth at corelight.com
Thu Jan 24 10:10:50 PST 2019
On 3 Jan 2019, at 11:01, Rajput, Jawad (CONTR) wrote:
> Is there a way to add Bro server hostname field into all the Bro log
> types? We have 5 Bro servers capturing traffic on different network
> nodes, we are trying to add each server/sensor hostname into all the
> log types so analyst can identify where the logs are coming from.
Yes!
We added a log extension mecahnism a while ago. Here's a snippet you
could start from...
```bro
option my_server_name = "";
type MyLogExtension: record {
server_name: string &log;
};
function add_my_log_extension(path: string): MyLogExtension
{
return MyLogExtension($server_name = my_server_name);
}
redef Log::default_ext_func = add_my_log_extension;
```
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/zeek-dev/attachments/20190124/53a9aecd/attachment.html
More information about the zeek-dev
mailing list