[Bro] host field
Seth Hall
seth at icir.org
Wed Oct 5 05:12:24 PDT 2016
> On Oct 4, 2016, at 11:58 PM, M P <mpselab at gmail.com> wrote:
>
> As far as I know as I understand it, going this route in 2.4 and then later upgrading to 5.x may create conflict and cause unforeseen issues, as suggested here:
>
> https://www.elastic.co/guide/en/elasticsearch/reference/current/dots-in-names.html
Thanks for the link. If I understood that right, the only scenario where that's a problem would be if we had a field named "id" and another field named "id.orig_h". Due to the way the logging framework functions, Bro will never write out logs that would have that issue so I think what this link describes isn't an issue for us.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list