Internal hostname in mail.log

Hi All,

Can anyone help me determine which broctl script/postprocessor (I'm
assuming) is adding an internal hostname ( to mail.log.

cat mail.log:

2011-05-02-11:43:05 HTTP_IncorrectFileType (L) =

  <bro> application/x-dosexec http://www[.]bad[.]com/PrintPeer[.]dat

I would like to add internal hostnames to some other alerts and would
like to avoid re-creating the wheel.

Thanks in advance for any help!


It's done inside Bro actually, see the
aux/broctl/policy/mail-alarms.bro script.


Perfect! Thanks Robin!