For a given distribution of Bro, is there a simple way to generate the header portions for all of the various (network/protocol related) log files? Specifically, I’m looking for the names of the individual fields (the #fields line). My goal is to use the information to automatically generate back-end Splunk configuration files prior to upgrading a live system. While the field names don’t change often, they have in the past. Relying on live data to generate the individual logs isn’t ideal as actual traffic must be observed or you have to have a sample pcap for every protocol.
While sample logs do exist in the ‘testing’ directory, I don’t see a quick way to grab samples for each log type that would be repeatable for future releases.
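One way to derive the #fields line for every stream without observing traffic, as an added example that is not part of the original post or of the Bro project: walk the distribution's script tree and recover what the logging framework's ASCII writer would print, using three rules of the framework: only fields carrying `&log` (or every field of a record type declared `&log`, as `conn_id` is) are written, nested records are flattened with the default `.` separator (`id.orig_h`), and `redef record X += { ... }` appends fields in load order. The script below parses `type ...: record`, `redef record`, and `Log::create_stream` with regular expressions, so it is a heuristic, not a Bro parser. The sample scripts embedded in it are constructed in the style of the base scripts, not copied from them, and the file names, the `bro_headers.py` name and the assumed install layout are illustrative.

```python
"""Derive the '#fields' header each Bro log stream would write, from the record
definitions in a Bro script tree (heuristic regex parsing, not a Bro parser)."""
import re
import sys
from pathlib import Path

MODULE_RE = re.compile(r'^\s*module\s+([\w:]+)\s*;', re.M)
TYPE_RE = re.compile(r'\btype\s+([\w:]+)\s*:\s*record\s*\{(.*?)\}\s*((?:&\w+\s*)*);', re.S)
REDEF_RE = re.compile(r'\bredef\s+record\s+([\w:]+)\s*\+=\s*\{(.*?)\}\s*;', re.S)
STREAM_RE = re.compile(r'Log::create_stream\(\s*([\w:]+)\s*,\s*\[(.*?)\]\s*\)', re.S)
FIELD_RE = re.compile(r'^\s*(\w+)\s*:\s*([^&;]+?)\s*((?:&[^;]*)?);', re.M)  # name: type &attrs;
# Constructed sample in the style of Bro's base scripts (not copied from them).
SAMPLE_SCRIPTS = {
    'base/init-bare.bro': """
type conn_id: record {
    orig_h: addr;   ##< The originator's IP address.
    orig_p: port;
    resp_h: addr;
    resp_p: port;
} &log;
""",
    'base/protocols/conn/main.bro': """
module Conn;
type Info: record {
    ts: time &log;
    id: conn_id &log;
    tunnel_parents: set[string] &log &optional;
    analyzer_state: string;   # no &log: never reaches the log file
};
event bro_init() { Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn]); }
""",
    'site/local.bro': """
redef record Conn::Info += { sensor: string &log &default="edge1"; };
""",
}

def parse_scripts(sources):
    """sources: (name, text) pairs in load order -> (records, streams)."""
    records, streams, redefs = {}, {}, []
    for _, text in sources:
        text = re.sub(r'#.*', '', text)  # strip ## doc comments and # comments
        modules = [(m.start(), m.group(1)) for m in MODULE_RE.finditer(text)]
        for kind, rx in (('type', TYPE_RE), ('redef', REDEF_RE), ('stream', STREAM_RE)):
            for m in rx.finditer(text):
                # 'module X;' in effect at this offset (else GLOBAL) qualifies bare names
                mod = next((n for s, n in reversed(modules) if s < m.start()), 'GLOBAL')
                name = m.group(1) if '::' in m.group(1) or mod == 'GLOBAL' else f'{mod}::{m.group(1)}'
                fields = [(*f, mod) for f in FIELD_RE.findall(m.group(2))]
                if kind == 'type':      # type X: record { ... } [&log];
                    records[name] = (fields, m.group(3))
                elif kind == 'redef':   # redef record X += { ... }; appended in load order
                    redefs.append((name, fields))
                else:                   # Log::create_stream(ID, [$columns=..., $path="..."])
                    cols = re.search(r'\$columns\s*=\s*([\w:]+)', m.group(2))
                    path = re.search(r'\$path\s*=\s*"([^"]*)"', m.group(2))
                    if cols:
                        streams[name] = {'columns': cols.group(1), 'module': mod,
                                         'path': path.group(1) if path else None}
    for target, extra in redefs:
        records.setdefault(target, ([], ''))[0].extend(extra)
    return records, streams

def resolve(records, type_name, module):
    """Bro-style name lookup: the current module's scope first, then global."""
    local = type_name if '::' in type_name else f'{module}::{type_name}'
    return next((c for c in (local, type_name) if c in records), None)

def log_fields(records, type_name, prefix=''):
    """(name, type) pairs the writer emits: &log fields only, nested records flattened with '.'."""
    out = []
    flds, type_attrs = records[type_name]
    for name, ftype, attrs, mod in flds:
        if '&log' not in attrs and '&log' not in type_attrs:
            continue
        if nested := resolve(records, ftype, mod):
            out.extend(log_fields(records, nested, prefix + name + '.'))
        else:
            out.append((prefix + name, ftype))
    return out

def default_path(stream_id):
    """Approximates Bro's default path: Conn::LOG -> conn, Notice::ALARM_LOG -> notice_alarm."""
    return re.sub(r'(::|_)LOG$', '', stream_id).replace('::', '_').lower()

def header_lines(records, streams):
    """{log path: '#fields<TAB>...'} for every stream whose column type was parsed."""
    out = {}
    for sid, info in streams.items():
        columns = resolve(records, info['columns'], info['module'])
        if columns is not None:
            names = [n for n, _ in log_fields(records, columns)]
            out[info['path'] or default_path(sid)] = '#fields\t' + '\t'.join(names)
    return out

if __name__ == '__main__':  # python bro_headers.py [share/bro dir of an install]; no arg: the sample
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    files = sorted(p for ext in ('*.bro', '*.zeek') for p in root.rglob(ext)) if root else []
    sources = [(str(p), p.read_text(errors='replace')) for p in files] or list(SAMPLE_SCRIPTS.items())
    for path, line in sorted(header_lines(*parse_scripts(sources)).items()):
        print(f'{path}.log\t{line}')
```

Run it against the script directory of the release you are about to deploy and diff the output against the same run on the current release; that gives the field changes before the upgrade and without a pcap per protocol. Caveats a practitioner should keep in mind: fields added by `redef record` land in the order the files are handed to the script (sorted path order here), whereas Bro orders them by `@load` order; site policy that renames or excludes fields in a `Log::Filter` is not applied; and the regexes will miss records whose definitions are unusual. Sanity-check the result against the header of a conn.log from a running sensor before feeding it into the Splunk configuration.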