Can anyone help me determine which broctl script/postprocessor (I'm
assuming) is adding an internal hostname (user.host.com) to mail.log.
2011-05-02-11:43:05 HTTP_IncorrectFileType (L) 10.0.0.1 = user.host.com
<bro> application/x-dosexec http://www[.]bad[.]com/PrintPeer[.]dat
I would like to add internal hostnames to some other alerts and would
like to avoid re-creating the wheel.
Thanks in advance for any help!