How remove or redefine a field in a log?

Vito_Logrillo · January 29, 2015, 4:56pm

Hi,
is it possible to remove or redefine an existing field in a log?
For example, if i want to remove only the field

local_orig: bool &log &optional;

in conn.log, how can i do it?
And if i want to redefine it in this way:

local_orig: string &optional &log;

??
Thanks,
Vito

Luis_Miguel_Silva · January 29, 2015, 5:36pm

Vito,

I’m brand new to bro so I apologize if this isn’t a good suggestion…

But as I was reading the documentation, I came across this which might help you with what you need:
https://www.bro.org/development/logging.html#extending

It doesn’t redefine an existing field but it allows you to, at least, append to it!

As for removing an existing field, just looking at the example on how to EXTEND logging (which basically adds an element to the Conn::Info array), couldn’t we do something like this?
delete Conn::Info[‘field’]

Best,
Luis

Topic		Replies	Views
http.log reorder and skip fields, how? Zeek	4	99	May 6, 2022
Log File Modifications Zeek	3	121	May 6, 2022
adding fields to HTTP log - cluster environment Zeek	3	109	May 6, 2022
host field Zeek	11	74	May 6, 2022
conn.log question Zeek	4	87	May 6, 2022

How remove or redefine a field in a log?

Related topics