[Bro] Changing separator
Bernhard Amann
bernhard at ICSI.Berkeley.EDU
Thu Oct 24 08:15:20 PDT 2013
Hi,
you can redefine Log::separator. See http://www.bro.org/sphinx-git/scripts/base/frameworks/logging/main.html
Bernhard
On Oct 24, 2013, at 8:10 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> So...I'm almost certain that there was a way to change from the tab
> character, to comma (I thought), but for the life of me I can't seem to
> find it. Been working with logstash and currently messages come through
> as:
>
> 1382627138.211512\tCQ74U23HZlcab0LNnh\t192.168.1.3\t64079\t224.0.0.1\t8612\tudp\t-\t-\t-\t-\tS0\tT\t0\tD\t1\t44\t0\t0\t(empty)
>
> Which is kind of painful for matching. Any quick pointers on how to do
> this? Thank you.
>
> James
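An added example, not part of the original thread and not Bro's own code: a Python reader that takes the field separator from the log's own `#separator` header line, so a downstream consumer keeps working whether the log is written tab- or comma-separated. The header lines and field names are constructed for illustration, assuming the standard Bro ASCII log header and conn.log column layout; the record is the one quoted above.

```python
# Constructed sample: header lines and field names are assumptions based on
# the Bro ASCII log header format; RECORD is the line quoted in the thread.
FIELDS = ("ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service "
          "duration orig_bytes resp_bytes conn_state local_orig missed_bytes "
          "history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes "
          "tunnel_parents").split()
RECORD = ("1382627138.211512\tCQ74U23HZlcab0LNnh\t192.168.1.3\t64079\t"
          "224.0.0.1\t8612\tudp\t-\t-\t-\t-\tS0\tT\t0\tD\t1\t44\t0\t0\t(empty)")
SAMPLE_TAB = ["#separator \\x09", "#set_separator\t,", "#empty_field\t(empty)",
              "#unset_field\t-", "#path\tconn",
              "#fields\t" + "\t".join(FIELDS), RECORD]
# The same log as it would look with the separator redefined to a comma.
SAMPLE_COMMA = ["#separator \\x2c"] + [l.replace("\t", ",") for l in SAMPLE_TAB[1:]]


def parse_bro_ascii(lines):
    """Yield one dict per record, driven by the log's own header lines."""
    sep, unset, empty, fields = "\t", "-", "(empty)", []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#separator "):
            # The value is hex-escaped (\x09 = tab, \x2c = comma) and follows
            # a literal space, because the separator is not known yet.
            raw = line.split(" ", 1)[1]
            sep = raw.encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            if key == "fields":
                fields = value.split(sep)
            elif key == "unset_field":
                unset = value
            elif key == "empty_field":
                empty = value
        elif line:
            values = line.split(sep)
            if len(values) != len(fields):
                # A value containing the separator shows up here instead of
                # silently shifting every later column.
                raise ValueError("column count mismatch: %r" % line)
            yield {f: None if v == unset else "" if v == empty else v
                   for f, v in zip(fields, values)}


if __name__ == "__main__":
    for rec in parse_bro_ascii(SAMPLE_COMMA):
        print(rec["id.orig_h"], "->", rec["id.resp_h"], rec["conn_state"])
```
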