identifying bro peers

mel · October 16, 2008, 12:23am

Hi all,

When another Bro is receiving events from a Bro peer, is there any way
to add the peer's name/identifier into the log file?

--mel

Seth_Hall · October 16, 2008, 1:39am

The peer_description variable is what you're looking for and the prefixed_id function which helps with using it.

# Prepend the peer description, if set.
function prefixed_id(id: count): string
         {
         if ( peer_description == "" )
                 return fmt("%s", id);
         else
                 return cat(peer_description, "-", id);
         }

You give it a "count" and it will prepend the name of the peer where the currently handled event originated.

.Seth

mel · October 16, 2008, 7:16am

Seth Hall wrote:

The peer_description variable is what you're looking for and the
prefixed_id function which helps with using it.

# Prepend the peer description, if set.
function prefixed_id(id: count): string
        {
        if ( peer_description == "" )
                return fmt("%s", id);
        else
                return cat(peer_description, "-", id);
        }

You give it a "count" and it will prepend the name of the peer where the
currently handled event originated.

Thanks! Just what I need.

--mel

system · May 6, 2022, 3:38pm