add-interfaces

Add-Interfaces

This package adds the _interface field to Zeek logs to indicate which interface generated a log entry. By default the field is only added to the conn.log. For further configuration, the following options are available:

OptionDefault ValueDescription
enable_all_logs: boolFEnables interfaces for all active streams
exclude_logs: set[Log::ID]{ }Streams not to add interfaces for
include_logs: set[Log::ID]{ Conn::LOG }Streams to add interfaces for

If Zeek is not executed in cluster mode, the field is not added.

Package Version :