[Oisf-users] Is it Possible Rename/Alias Fields in eve.json ?

John Peters psibur at gmail.com
Wed Oct 2 16:41:43 UTC 2019


This one came up from the guys running our log aggregator, but is it
possible to rename the field written to eve.json either using an alias or
tweaking suricata.yaml?  I've tried looking a bit, but suspect it's either
not possible or I'm just not using the right terms.

For example, host: is throwing their aggregator off because it happens to
be a reserved word, so they have to run some script on their side to
translate the host: field in eve.json to another name.  They'd like to see
if it's possible to change the name because it'll help reduce cycles on
their already strapped system, i.e., instead of writing host:"foo.bar.com",
write myhost:"foo.bar.com".

--john