On 3 Jan 2019, at 11:01, Rajput, Jawad (CONTR) wrote:

> Is there a way to add Bro server hostname field into all the Bro log
> types? We have 5 Bro servers capturing traffic on different network
> nodes, we are trying to add each server/sensor hostname into all the
> log types so analysts can identify where the logs are coming from.

Yes!
We added a log extension mechanism a while ago. Here's a snippet you
could start from...
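```bro
# Name of this sensor; empty by default, so set it on each server (e.g. via redef).
option my_server_name = "";

# Every &log field in this record is added to each log.
type MyLogExtension: record {
	server_name: string &log;
};

# The logging framework calls this to build the extension record;
# path is the path of the log being written (e.g. "conn").
function add_my_log_extension(path: string): MyLogExtension
	{
	return MyLogExtension($server_name = my_server_name);
	}

# Register the function as the default extension for all logs.
redef Log::default_ext_func = add_my_log_extension;
```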
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
_______________________________________________
zeek-dev mailing list
zeek-dev@zeek.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/zeek-dev
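A consumer-side check for the setup discussed in this message, as an added example that is not part of the original email or the Bro/Zeek code base: it tallies records per sensor and lists records that carry no usable sensor name. It assumes the default ASCII (TSV) writer and the default extension prefix `_`, so the column is `_server_name`; the function name `sensor_counts` and the sample log lines are constructed for illustration.

```python
from collections import Counter

# Constructed sample: conn.log rows merged from several sensors.
# The last row comes from a sensor where my_server_name was left at "".
SAMPLE_LOG = (
    "#separator \\x09\n"
    "#empty_field\t(empty)\n"
    "#unset_field\t-\n"
    "#path\tconn\n"
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\t_server_name\n"
    "#types\ttime\tstring\taddr\taddr\tstring\n"
    "1546513260.000000\tCaaa1\t10.0.0.5\t192.0.2.10\tsensor-dmz\n"
    "1546513261.000000\tCbbb2\t10.0.0.6\t192.0.2.11\tsensor-dmz\n"
    "1546513262.000000\tCccc3\t10.1.0.7\t192.0.2.12\tsensor-core\n"
    "1546513263.000000\tCddd4\t10.2.0.8\t192.0.2.13\t(empty)\n"
)


def sensor_counts(log_text, field="_server_name"):
    """Return (records per sensor, uids of records without a sensor name)."""
    fields, empty, unset = [], "(empty)", "-"
    counts, unstamped = Counter(), []
    for line in log_text.splitlines():
        if line.startswith("#"):
            # Header lines: pick up the column names and the placeholder values.
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "empty_field":
                empty = rest
            elif key == "unset_field":
                unset = rest
            continue
        if not line:
            continue
        row = dict(zip(fields, line.split("\t")))
        # None covers logs whose header has no extension column at all.
        name = row.get(field)
        if name in (None, "", empty, unset):
            unstamped.append(row.get("uid", "?"))
        else:
            counts[name] += 1
    return counts, unstamped


if __name__ == "__main__":
    per_sensor, missing = sensor_counts(SAMPLE_LOG)
    print(dict(per_sensor), missing)
```

Because the option defaults to an empty string, a sensor that was never configured writes `(empty)` in this column, which is what the second return value surfaces.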