Hello!
I am trying to analyze a pcap file from which I want to retrieve all the source IPs and destination IPs, and I also want to add two fields which say which class the source IP and destination IP belong to.
I'm able to create a new log file named "origs" that has "ts", "id.orig_h", "id.resp_h". How can I add new fields to the same log file?
Below is the pseudo-code.
event zeek_init()
{
    # Add a new filter to the Conn::LOG stream that logs only ts, id.orig_h and id.resp_h
    local filter: Log::Filter = [$name="orig-only", $path="origs",
                                 $include=set("ts", "id.orig_h", "id.resp_h")];
    Log::add_filter(Conn::LOG, filter);
}
Please help me…
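One way to get extra columns into the same "origs" log, as an added example and not code from the original post: extend the Conn::Info record with two new logged fields, fill them in before Conn::LOG is written, and list them in the filter's $include set. The field names orig_class and resp_class and the helper addr_class are this example's own choices; the classful ranges follow the classic A-E split on the first octet, and IPv6 addresses are labelled "non-IPv4".

```zeek
@load base/protocols/conn

# Add two logged columns to the conn.log record type.
# &optional keeps older connections from failing if a value is never set.
redef record Conn::Info += {
    orig_class: string &log &optional;
    resp_class: string &log &optional;
};

# Map an address to its classful range (hypothetical helper).
function addr_class(a: addr): string
{
    if ( ! is_v4_addr(a) )
        return "non-IPv4";

    # Classes are decided by the leading bits of the first octet.
    if ( a in 0.0.0.0/1 )   return "A";  # 0.0.0.0   - 127.255.255.255
    if ( a in 128.0.0.0/2 ) return "B";  # 128.0.0.0 - 191.255.255.255
    if ( a in 192.0.0.0/3 ) return "C";  # 192.0.0.0 - 223.255.255.255
    if ( a in 224.0.0.0/4 ) return "D";  # 224.0.0.0 - 239.255.255.255 (multicast)
    return "E";                          # 240.0.0.0 - 255.255.255.255 (reserved)
}

# The conn script builds c$conn at priority 5 and writes it at priority -5,
# so a handler at the default priority (0) sees the record before Log::write.
event connection_state_remove(c: connection)
{
    if ( c?$conn )
    {
        c$conn$orig_class = addr_class(c$id$orig_h);
        c$conn$resp_class = addr_class(c$id$resp_h);
    }
}

event zeek_init()
{
    # Same filter as before, now including the two new fields.
    local filter: Log::Filter = [$name="orig-only", $path="origs",
                                 $include=set("ts", "id.orig_h", "id.resp_h",
                                              "orig_class", "resp_class")];
    Log::add_filter(Conn::LOG, filter);
}
```

Run it with `zeek -r capture.pcap origs.zeek` (file name assumed) and origs.log will carry the five columns; the regular conn.log also gains the two fields because they are redef'd into Conn::Info.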