[Oisf-users] Change delimiter in fast.log

Jacob King jake at hootsuite.com
Tue Apr 12 19:35:33 UTC 2016


I wanted to know if there was a method for changing the delimiter character:

04/12/2016-10:00:26.390382  [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} XX.XX.XX.XX:XXXXX -> XX.XX.XX.XX:443

I noticed that it is constantly set as the [**] string, and I wanted to
change it to a single unicode char that I can parse easily with some log
analysis tools. It appears to be consistent along dns, http and https.

Any help would be appreciated.

Thanks!

Jake

-- 
id: 7898659753248090
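
One way to get a single-character delimiter without changing Suricata's output is to post-process fast.log; the following is an added example, not part of the original post and not Suricata code. The regular expression is derived from the sample line in the message, and the field names, the helper names and the sample addresses (documentation ranges) are assumptions.

```python
import re

# Pattern derived from the fast.log sample line quoted in the post.
FAST_RE = re.compile(
    r"^(?P<timestamp>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

FIELDS = ("timestamp", "gid", "sid", "rev", "msg", "classification",
          "priority", "proto", "src_ip", "src_port", "dst_ip", "dst_port")

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 addresses stay intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_fast_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_ip"], rec["src_port"] = split_endpoint(rec.pop("src"))
    rec["dst_ip"], rec["dst_port"] = split_endpoint(rec.pop("dst"))
    return rec

def redelimit(line, delim="\t"):
    """Re-emit one fast.log line with a single-character delimiter."""
    rec = parse_fast_line(line)
    if rec is None:
        return None  # unparsed lines are reported, not passed through silently
    # The rule message is free text: blank out the delimiter if it occurs there.
    return delim.join(rec[f].replace(delim, " ") for f in FIELDS)

# Constructed sample modelled on the line in the post (documentation IPs).
SAMPLE = ("04/12/2016-10:00:26.390382  [**] [1:2013926:8] ET POLICY HTTP traffic on "
          "port 443 (POST) [**] [Classification: Potentially Bad Traffic] "
          "[Priority: 2] {TCP} 192.0.2.10:51234 -> 198.51.100.7:443")

if __name__ == "__main__":
    print(redelimit(SAMPLE, "|"))
```
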