[Zeek] uid in files logs

Seth Hall seth at corelight.com
Mon Nov 11 09:53:01 PST 2019


On 6 Nov 2019, at 18:45, Michał Purzyński wrote:

> Here we wanted to kill logging X509 certificates into both files.log 
> and x509.log - and by doing that we saved like 20% of our SIEM intake, 
> globally (!!). Should be easy enough to extend x509.log to include 
> data from conn.log, etc.

You could release a package. :P

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com

