[Bro] http.log reorder and skip fields, how?

Dalton Porter daltonporter at yahoo.com
Fri Apr 13 10:25:30 PDT 2012


Hello All. It appears that the data in http.log is a listing of the Info fields which have the &log attribute. I can see how to add fields by redefining record Info using the += syntax. However, I want to customize the output by removing some fields and reordering others. What is the proper way to do this? Can the field separator be adjusted? I don't want to actually "remove" fields; I just don't want some of them displayed. I also didn't want to parse the bro output with a shell script to reformat it; I would like to have bro write the data out the way that I need it.
 
Thanks,
Dalton