[Bro] How remove or redefine a field in a log?

Luis Miguel Silva luismiguelferreirasilva at gmail.com
Thu Jan 29 09:36:14 PST 2015


Vito,

I'm brand new to Bro so I apologize if this isn't a good suggestion...

But as I was reading the documentation, I came across this which might help
you with what you need:
https://www.bro.org/development/logging.html#extending

It doesn't redefine an existing field but it allows you to, at least,
append to it!

As for removing an existing field, just looking at the example on how to EXTEND
logging <https://www.bro.org/development/logging.html#extending> (which
basically adds an element to the Conn::Info array), couldn't we do
something like this?
*delete Conn::Info['field']*

Best,
Luis

On Thu, Jan 29, 2015 at 9:56 AM, Vito Logrillo <vitologrillo at gmail.com>
wrote:

> Hi,
> is it possible to remove or redefine an existing field in a log?
> For example, if I want to remove only the field
>
> local_orig: bool &log &optional;
>
> in conn.log, how can I do it?
> And if I want to redefine it in this way:
>
> local_orig: string &optional &log;
>
> ??
> Thanks,
> Vito
>
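An added example, not part of either message above and not code from the Bro project: one way to get both effects with the Bro 2.x logging framework. A filter's `exclude` set drops `local_orig` from conn.log, and since the type of an existing record field cannot be changed, a new string field is appended next to it. The field name `local_orig_str` and the values "local"/"remote" are hypothetical, and the example assumes the base conn script writes its log entry from a lower-priority `connection_state_remove` handler.

```bro
# Added example; local_orig_str and its "local"/"remote" values are hypothetical.

# Append a string field to the conn.log record. An existing field's type
# cannot be redefined, so the new representation gets its own column.
redef record Conn::Info += {
    local_orig_str: string &optional &log;
};

event bro_init()
    {
    # Take the default filter of the conn stream and exclude the bool column.
    # Adding a filter under an existing name replaces that filter.
    local f = Log::get_filter(Conn::LOG, "default");
    f$exclude = set("local_orig");
    Log::add_filter(Conn::LOG, f);
    }

event connection_state_remove(c: connection)
    {
    # Default priority (0). Assumption: the base script has already filled
    # c$conn at a higher priority and calls Log::write at a lower one.
    # local_orig is &optional, so check that it is set before reading it.
    if ( c?$conn && c$conn?$local_orig )
        c$conn$local_orig_str = c$conn$local_orig ? "local" : "remote";
    }
```

The `exclude` set only affects what the filter writes; `c$conn$local_orig` stays available to other scripts.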