Hi Joe, we're planning to enable generic dictionary lookups in the message processing pipelines <http://docs.graylog.org/en/2.1/pages/pipelines.html> in a future release, but for now you'd have to do this with Drools: http://docs.graylog.org/en/2.1/pages/drools.html
Cheers, Jochen On Friday, 14 October 2016 20:27:28 UTC+2, Joe G wrote: > > What would be the best way to have fields populate based on the OUI from > MAC or DHCP options from a request ( > https://github.com/inverse-inc/fingerbank/blob/master/dhcp_fingerprints.conf)? > > For instance, If I want to see how many requests to a DHCP server are from > VMWARE (00:50:56) Hyper-V (00-15-5D), each one uses a unique OUI and I'd > like to autotag as HyperVisor="x" based on the OUI. And do something > similar for the DHCP option such as OS="x" based on the FINGERPRINT log but > I'd like the import the database once a month instaed on modifying many > extractors. > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/2cfd6edc-6037-4d5b-a96b-a1f041d36244%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
