[Bro] identifying bro peers
Seth Hall
hall.692 at osu.edu
Wed Oct 15 18:39:52 PDT 2008
On Oct 15, 2008, at 8:23 PM, mel wrote:
> When another Bro is receiving events from a Bro peer, is there any way
> to add the peer's name/identifier into the log file?
The peer_description variable is what you're looking for, and the
prefixed_id function helps with using it.
# Prepend the peer description, if set.
function prefixed_id(id: count): string
{
    if ( peer_description == "" )
        return fmt("%s", id);
    else
        return cat(peer_description, "-", id);
}
You give it a "count" and it will prepend the name of the peer where
the currently handled event originated.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721