On 18 Jun 2018, at 15:09, Alan Commike wrote:
> With the default TSV, any change can break export into the various > back-end log stores and SIEMs. When adding new fields, it would be > nice to see them added to the end of the Info structure. This was a complete rework on the logs and scripts so the structure is completely different. Unfortunately it wasn't just one of the cases where a field or two was added. I don't think that assuming the order of fields is ever a safe assumption. It's why we shipped a version of bro-cut with Bro 2.0. We wanted to encourage people to refer to fields by the field name rather than the ordinal position of the field. .Seth -- Seth Hall * Corelight, Inc * www.corelight.com _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
