[Bro] Internal hostname in mail.log

Will baxterw3232 at gmail.com
Mon May 2 09:36:03 PDT 2011


Hi All,

Can anyone help me determine which broctl script/postprocessor (I'm
assuming) is adding an internal hostname (user.host.com) to mail.log?

cat mail.log:
  2011-05-02-11:43:05 HTTP_IncorrectFileType (L) 10.0.0.1 = user.host.com <bro> application/x-dosexec http://www[.]bad[.]com/PrintPeer[.]dat

I would like to add internal hostnames to some other alerts and would
like to avoid re-creating the wheel.

Thanks in advance for any help!

Will


