[Zeek] uid in files logs

Palumbo Mauro mauro.palumbo at aizoon.it
Wed Nov 6 02:08:41 PST 2019


Hi everybody,
   it would be useful for us to have the conn uids in the logs from file analyzers (pe.log, x509.log, ...). I know this information can be gathered by cross-checking different bro logs, but it will save some time to have it already in pe.log, etc. I believe this data is available in the record fa_file.conns, available in events in the file framework, so it seems not difficult to add.
Is there any reason why it is not added by default?

Thanks,
Mauro
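
The cross-checking mentioned in the message above, as an added example that is not part of the original post or of Zeek itself: it parses Zeek's tab-separated ASCII logs and joins pe.log to files.log on the file id to recover the connection uids. It assumes the stock field names (`id` in pe.log, `fuid` and `conn_uids` in files.log); the sample log lines and the function names are constructed for illustration.

```python
# Constructed sample logs in Zeek's tab-separated ASCII format; columns are
# trimmed to the ones used here and every value is made up.
FILES_LOG = (
    "#fields\tts\tfuid\tconn_uids\tmime_type\n"
    "#types\ttime\tstring\tset[string]\tstring\n"
    "1573034921.1\tFexample1\tCconnA,CconnB\tapplication/x-dosexec\n"
    "1573034925.7\tFexample2\t(empty)\tapplication/x-dosexec\n"
)
PE_LOG = (
    "#fields\tts\tid\tmachine\tis_exe\n"
    "#types\ttime\tstring\tstring\tbool\n"
    "1573034921.1\tFexample1\tI386\tT\n"
    "1573034925.7\tFexample2\tAMD64\tT\n"
    "1573034930.2\tFexample3\tI386\tF\n"
)


def parse_zeek_log(text):
    """Parse a Zeek ASCII log into dicts keyed by the names in its #fields header."""
    opts = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    fields, types, rows = [], [], []
    for line in filter(None, text.splitlines()):
        if line.startswith("#"):
            key, _, value = line[1:].partition("\t")
            if key in opts:
                opts[key] = value          # honour non-default markers
            elif key == "fields":
                fields = value.split("\t")
            elif key == "types":
                types = value.split("\t")
            continue
        row = {}
        for name, typ, raw in zip(fields, types, line.split("\t")):
            if raw == opts["unset_field"]:
                row[name] = None
            elif typ.startswith(("set[", "vector[")):
                empty = raw == opts["empty_field"]
                row[name] = [] if empty else raw.split(opts["set_separator"])
            else:
                row[name] = raw
        rows.append(row)
    return rows


def pe_with_conn_uids(pe_text, files_text):
    """Join pe.log to files.log: pe.log 'id' is the file's fuid in files.log."""
    uids = {r["fuid"]: r["conn_uids"] or [] for r in parse_zeek_log(files_text)}
    return [dict(rec, conn_uids=uids.get(rec["id"], []))
            for rec in parse_zeek_log(pe_text)]
```

A pe.log record whose file id has no files.log entry (for example after log rotation) comes back with an empty `conn_uids` list rather than raising.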