[Zeek] uid in files logs
Seth Hall
seth at corelight.com
Mon Nov 11 09:53:01 PST 2019
On 6 Nov 2019, at 18:45, Michał Purzyński wrote:
> Here we wanted to kill logging X509 certificates into both files.log
> and x509.log - and by doing that we saved like 20% of our SIEM intake,
> globally (!!). Should be easy enough to extend x509.log to include
> data from conn.log, etc.
You could release a package. :P
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the Zeek
mailing list