Disable service name in alert||log.log ?

Zeek
1

Hi,

Possible/How disable service name in this file ?

Change :
1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/http: RST_with_data

to :
1094411512.196834 WeirdActivity 193.250.83.215/49649 > 62.23.34.172/80: RST_with_data

use bro 09a3

Regards

Rmkml@Wanadoo.fr

2

Hi,

have a look at endpoint_id() in port-name.bro.

Cheers,
Christian.

3

YES
Thanks Christian
Regards
Rmkml@Wanadoo.fr