[Bro] host field

Michael Shirk shirkdog.bsd at gmail.com
Tue Oct 4 09:32:56 PDT 2016


Seth, in 2.5 is this the way to make elastic happy, so you can rename
'id.orig_h' natively to whatever you want in Bro (minus the dots)?

--
Michael Shirk
Daemon Security, Inc.
http://www.daemon-security.com

On Oct 4, 2016 12:26 PM, "erik clark" <philosnef at gmail.com> wrote:

> Ah shoot, but not in 2.4. Ok, thanks!
>
> On Tue, Oct 4, 2016 at 12:14 PM, Seth Hall <seth at icir.org> wrote:
>
>>
>> > On Oct 4, 2016, at 11:13 AM, erik clark <philosnef at gmail.com> wrote:
>> >
>> > Is there a non-invasive way to rename the host field in bro log output?
>>
>> In 2.5....
>>
>> redef Log::default_field_name_map = {
>>         ["host"] = "something_else",
>> };
>>
>> You can do this per-filter too, but this setting is a global default for
>> all writers and filters.
>>
>>  .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro.org/
>>
>>
>
>
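
The per-filter variant mentioned in the quoted reply, as an added example that is not part of the original thread. It assumes Bro 2.5 or later and that the map keys are the flattened column names as they appear in the log header; the filter name, output path and replacement column names are hypothetical.

```bro
@load base/protocols/conn

event bro_init()
    {
    # Add a second conn filter that writes renamed columns to its own
    # log stream. The default filter is left alone, so conn.log and any
    # tooling that reads it keep the original dotted names.
    local es_filter: Log::Filter = [
        $name = "conn-es",      # hypothetical filter name
        $path = "conn_es",      # hypothetical output path (conn_es.log)
        # Per-filter counterpart of Log::default_field_name_map:
        # original column name -> name written to the output.
        $field_name_map = table(
            ["id.orig_h"] = "id_orig_h",
            ["id.orig_p"] = "id_orig_p",
            ["id.resp_h"] = "id_resp_h",
            ["id.resp_p"] = "id_resp_p"
        )
    ];

    Log::add_filter(Conn::LOG, es_filter);
    }
```

Columns that are not listed in the map keep their original names in the new log.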