mirror of
https://github.com/zeek/zeek.git
synced 2025-10-17 14:08:20 +00:00
b28801ce95
- When a log record is being "unrolled" (sub-records flattened
out into a single record), it's now possible to choose the
character/string to separate the outer name from the inner
name. This can be used to work around the problems
with ElasticSearch 2.0 not supporting dots "." in field names.
This value can be provided per-filter as well as a global
default value.
- Log fields can be renamed by providing a table per-filter
(or a global default) to rename fields for any log writer.
The name translation is performed after unrolling so the
value in the field name table must match whatever is being
used to separate field names.
For example if the unrolling separator was set to "*":
redef Log::default_unrolling_sep = "*";
The field name map would need to reflect it:
redef Log::default_field_name_map = {
["id*orig_h"] = "src",
["id*orig_p"] = "src_port",
["id*resp_h"] = "dst",
["id*resp_p"] = "dst_port",
};
|
||
|---|---|---|
| .. | ||
| btest | ||
| external | ||
| scripts | ||
| .gitignore | ||
| Makefile | ||
| README | ||
This directory contains suites for testing for Bro's correct
operation:
btest/
An ever-growing set of small unit tests testing Bro's
functionality.
external/
A framework for downloading additional test sets that run more
complex Bro configuration on larger traces files. Due to their
size, these are not included directly. See the README for more
information.
scripts/
Helpers scripts used by some tests.