Created
December 15, 2020 21:00
-
-
Save sethhall/a2651f0f12f8aeafef46513a50301d49 to your computer and use it in GitHub Desktop.
Business Unit everywhere
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ##! Add Business Unit to all logs with an "id" field. | |
| module BusinessUnit; | |
| export { | |
| option BusinessUnit::networks: table[subnet] of string = set(); | |
| } | |
| redef record conn_id += { | |
| ## The business unit seen as the connection originator. | |
| orig_bu: string &log &optional; | |
| ## The business unit seen as the connection responder. | |
| resp_bu: string &log &optional; | |
| }; | |
| event new_connection(c: connection) &priority=4 | |
| { | |
| if ( c$id$orig_h in BusinessUnit::networks ) | |
| c$id$orig_bu = BusinessUnit::networks[c$id$orig_h]; | |
| if ( c$id$resp_h in BusinessUnit::networks ) | |
| c$id$resp_bu = BusinessUnit::networks[c$id$resp_h]; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment