<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal">
<p dir="auto">On 3 Jan 2019, at 11:01, Rajput, Jawad (CONTR) wrote:</p>
</div>
<div style="white-space:normal"><blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px"><p dir="auto">Is there a way to add Bro server hostname field into all the Bro log types? We have 5 Bro servers capturing traffic on different network nodes, we are trying to add each server/sensor hostname into all the log types so analyst can identify where the logs are coming from.</p>
</blockquote></div>
<div style="white-space:normal">
<p dir="auto">Yes!</p>
<p dir="auto">We added a log extension mecahnism a while ago. Here's a snippet you could start from...</p>
<pre style="background-color:#F7F7F7; border-radius:5px 5px 5px 5px; margin-left:15px; margin-right:15px; max-width:90vw; overflow-x:auto; padding:5px; color:black" bgcolor="#F7F7F7"><code style="background-color:#F7F7F7; border-radius:3px; margin:0; padding:0" bgcolor="#F7F7F7">option my_server_name <span style="color: #333333">=</span> <span style="background-color: #fff0f0">""</span>;
<span style="color: #008800; font-weight: bold">type</span> MyLogExtension<span style="color: #333333">:</span> <span style="color: #333399; font-weight: bold">record</span> {
server_name<span style="color: #333333">:</span> <span style="color: #333399; font-weight: bold">string</span> &<span style="color: #008800; font-weight: bold">log</span>;
};
<span style="color: #008800; font-weight: bold">function</span> add_my_log_extension(path<span style="color: #333333">:</span> <span style="color: #333399; font-weight: bold">string</span>)<span style="color: #333333">:</span> MyLogExtension
{
<span style="color: #008800; font-weight: bold">return</span> MyLogExtension($server_name <span style="color: #333333">=</span> my_server_name);
}
<span style="color: #008800; font-weight: bold">redef</span> Log<span style="color: #0e84b5; font-weight: bold">::</span>default_ext_func <span style="color: #333333">=</span> add_my_log_extension;
</code></pre>
<p dir="auto">.Seth</p>
<p dir="auto">--<br>
Seth Hall * Corelight, Inc * <a href="http://www.corelight.com" style="color:#3983C4">www.corelight.com</a></p>
</div>
</div>
</body>
</html>