How remove or redefine a field in a log?

Vito_Logrillo · January 29, 2015, 4:56pm

Hi,
is it possible to remove or redefine an existing field in a log?
For example, if i want to remove only the field

local_orig: bool &log &optional;

in conn.log, how can i do it?
And if i want to redefine it in this way:

local_orig: string &optional &log;

??
Thanks,
Vito

Luis_Miguel_Silva · January 29, 2015, 5:36pm

Vito,

I’m brand new to bro so I apologize if this isn’t a good suggestion…

But as I was reading the documentation, I came across this which might help you with what you need:
https://www.bro.org/development/logging.html#extending

It doesn’t redefine an existing field but it allows you to, at least, append to it!

As for removing an existing field, just looking at the example on how to EXTEND logging (which basically adds an element to the Conn::Info array), couldn’t we do something like this?
delete Conn::Info[‘field’]

Best,
Luis

Topic		Replies	Views
Logs columm names Development development	2	65	May 6, 2022
Problem accessing additional Field in connection record Zeek	3	51	May 6, 2022
how to Modify the field name Zeek	1	60	May 6, 2022
"delete" for record field proposal Development development	3	55	May 6, 2022
id into x509.log Zeek	3	81	May 6, 2022

How remove or redefine a field in a log?

Related Topics