[Bro] Log File Modifications

[Daniel Thayer]

You can do something like this:

redef Log::default_field_name_map = {
     ["id.orig_h"] = "src",
     ["id.orig_p"] = "src_port",
     ["id.resp_h"] = "dst",
     ["id.resp_p"] = "dst_port",
};


On 12/6/16 1:48 PM, Dave Crawford wrote:
> Is it possible (via scripts vs code modifications) to rename existing columns in a log file? The logging documentation has examples for filtering out specific events, or adding additional columns, but I couldn't find a reference for renaming.
>
> Thanks,
> -Dave