[Zeek-Dev] [EXTERNAL] Re: Bro 2.5.4

Rajput, Jawad (CONTR) Jawad.Rajput at hq.doe.gov
Sat Jan 26 08:23:44 PST 2019


Thanks a lot Seth, it worked out.

v/r
Jawad

From: Seth Hall [mailto:seth at corelight.com]
Sent: Thursday, January 24, 2019 1:11 PM
To: Rajput, Jawad (CONTR) <Jawad.Rajput at hq.doe.gov>
Cc: bro-dev at bro.org
Subject: [EXTERNAL] Re: [Zeek-Dev] Bro 2.5.4


On 3 Jan 2019, at 11:01, Rajput, Jawad (CONTR) wrote:

Is there a way to add the Bro server hostname field into all the Bro log types? We have 5 Bro servers capturing traffic on different network nodes, and we are trying to add each server/sensor hostname into all the log types so analysts can identify where the logs are coming from.

Yes!

We added a log extension mechanism a while ago. Here's a snippet you could start from...

# Set this per sensor (e.g. redef it in local.bro on each box).
option my_server_name = "";

# Every field marked &log in this record is appended to each log record.
type MyLogExtension: record {
        server_name:   string &log;
};

# The logging framework calls this with the stream's path (e.g. "conn")
# and appends the returned record's &log fields to the records it writes.
function add_my_log_extension(path: string): MyLogExtension
        {
        return MyLogExtension($server_name = my_server_name);
        }

# Install it as the default extension function for all log streams.
redef Log::default_ext_func = add_my_log_extension;

.Seth

--
Seth Hall * Corelight, Inc * www.corelight.com
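As an added example (not from this thread and not Zeek's own code), the same log-extension mechanism that shipped with Bro 2.6, with the sensor name taken from the host instead of a hand-maintained option and the cluster node name added as a second column, so one unchanged script can be deployed to all five sensors. The module name SensorTag, the option sensor_name, the record Extension and the function tag are names chosen here; Log::default_ext_func, Log::default_ext_prefix, gethostname() and Cluster::node are Zeek's own.

```zeek
# Added example; not part of the original thread.
module SensorTag;

export {
    ## Name written into every log line.  Defaults to the host's name so
    ## no per-sensor edit is needed; redef it where the hostname is not
    ## meaningful (e.g. containers).
    option sensor_name: string = gethostname();

    type Extension: record {
        ## Which sensor produced the record.
        sensor: string &log;
        ## Cluster node (worker/manager) that wrote it; left unset, and
        ## therefore logged as "-", when Zeek runs standalone.
        node:   string &log &optional;
    };
}

# Called by the logging framework with the stream path ("conn", "dns", ...);
# the &log fields of the returned record are appended to each log record.
function tag(path: string): Extension
    {
    local e = Extension($sensor = sensor_name);

    # Cluster::node is defined (empty string) even outside a cluster,
    # so this check is safe in standalone runs.
    if ( Cluster::node != "" )
        e$node = Cluster::node;

    return e;
    }

# Extension columns are named with Log::default_ext_prefix, which defaults
# to "_", so these appear as "_sensor" and "_node" in conn.log, dns.log, etc.
redef Log::default_ext_func = tag;
```

Load this from local.bro (or the equivalent site script) on every sensor. Only the last redef of Log::default_ext_func wins, so keep a single tagging script per deployment; a stream that needs different fields can still set its own `$ext_func` (and `$ext_prefix`) on its Log::Filter, which overrides the default for that filter only.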


