adding output into intel.log

ps_sunu · January 26, 2017, 12:17pm

i need to write the if condition output into Intel.log category field which i have added in intel.log

my latest code

@load frameworks/intel/seen

export {

redef Intel::read_files += {
fmt("%s/intel-1.dat", @DIR)
};

redef record Intel::Info += {
category: string &optional &log;
attribute: string &log &optional;

};
}

event Intel::log_intel (rec: Intel::Info)
{

if ( rec$seen$where == HTTP::IN_HOST_HEADER )
{
print “True”;
}
else
{
print "False ";

}

print “rec$seen$where is”, rec$seen$where;

}

I need if condition True string into intel.log category field its possible ?

Regards,
Sunu

Topic		Replies	Views
intel log fields adding and processing Zeek	5	127	May 6, 2022
intel.log extra log Zeek	2	98	May 6, 2022
Help with intel framework Zeek	3	99	May 6, 2022
Help with intel framework Zeek	8	103	May 6, 2022
Unable to generate Intel log Zeek	3	231	May 6, 2022