What would be the best way to have fields populate based on the OUI from MAC or DHCP options from a request (https://github.com/inverse-inc/fingerbank/blob/master/dhcp_fingerprints.conf)? For instance, if I want to see how many requests to a DHCP server are from VMWARE (00:50:56) or Hyper-V (00-15-5D), each one uses a unique OUI and I'd like to autotag as HyperVisor="x" based on the OUI. And do something similar for the DHCP option such as OS="x" based on the FINGERPRINT log, but I'd like to import the database once a month instead of modifying many extractors.