[Bro] Add information to intel.log (Vito Logrillo)

Adam Hall abhall1 at yahoo.com
Thu Jul 9 15:44:32 PDT 2015


Good Evening Vito,
   I used the script located at "https://github.com/bro/bro-scripts/blob/master/conn-add-geodata.bro" to add the extra fields.
I have not used this in 2.4, but I believe it will work.
You create the new fields you want, then populate those fields, then it adds it to the log entry before it puts it in the log file.
Hope this helps.
Adam 'RedLight' Hall
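
The three steps described in the reply above, sketched for conn.log, the log that the referenced conn-add-geodata.bro targets. This is an added example, not the code from bro-scripts and not part of the original message; the field names `orig_cc` and `resp_cc` are made up for illustration, and it assumes Bro was built with GeoIP support so that `lookup_location()` returns data.

```bro
@load base/protocols/conn

# Step 1: create the new fields.
# &log makes each field a column in conn.log; &optional lets it stay unset
# (written as "-") when no value is available.
# orig_cc / resp_cc are hypothetical names chosen for this example.
redef record Conn::Info += {
	orig_cc: string &optional &log;
	resp_cc: string &optional &log;
};

# Steps 2 and 3: populate the fields before the entry is written.
# base/protocols/conn fills in c$conn in a connection_state_remove handler
# at &priority=5 and calls Log::write() from one at &priority=-5, so a
# handler at the default priority (0) runs between the two.
event connection_state_remove(c: connection)
	{
	if ( ! c?$conn )
		return;

	# country_code is an optional field of geo_location, so test it
	# before copying; private or unknown addresses have no country.
	local orig_loc = lookup_location(c$id$orig_h);
	if ( orig_loc?$country_code )
		c$conn$orig_cc = orig_loc$country_code;

	local resp_loc = lookup_location(c$id$resp_h);
	if ( resp_loc?$country_code )
		c$conn$resp_cc = resp_loc$country_code;
	}
```

Whether the same timing holds for intel.log depends on where that framework builds and writes its `Intel::Info` record, which this example does not cover.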



From: "bro-request at bro.org" <bro-request at bro.org>
To: bro at bro.org
Sent: Thursday, July 9, 2015 3:00 PM
Subject: Bro Digest, Vol 111, Issue 15


Message: 1
Date: Thu, 9 Jul 2015 20:04:25 +0200
From: Vito Logrillo <vitologrillo at gmail.com>
Subject: [Bro] Add information to intel.log
To: "bro at bro.org" <bro at bro.org>
Message-ID:
    <CANdYiFECxpUccstd4jM2rdS2G9RGLdGY_XBDVLwYhGJ5MN7jXg at mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

Hi all,
How can I add new fields to intel.log files?

I'm working on Bro 2.4 and I've found this script:
https://github.com/bro/bro-scripts/blob/master/intel-extend.bro

Can I use this script, or is a solution already integrated in the
latest Bro version?
Best Regards,
Vito


------------------------------

_______________________________________________
Bro mailing list
Bro at bro.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

