Hi Joe,

we're planning to enable generic dictionary lookups in the message processing pipelines <http://docs.graylog.org/en/2.1/pages/pipelines.html> in a future release, but for now you'd have to do this with Drools: http://docs.graylog.org/en/2.1/pages/drools.html

Cheers,
Jochen

On Friday, 14 October 2016 20:27:28 UTC+2, Joe G wrote:
> What would be the best way to have fields populate based on the OUI from
> MAC or DHCP options from a request
> (https://github.com/inverse-inc/fingerbank/blob/master/dhcp_fingerprints.conf)?
>
> For instance, if I want to see how many requests to a DHCP server are from
> VMWARE (00:50:56), Hyper-V (00-15-5D), each one uses a unique OUI and I'd
> like to autotag as HyperVisor="x" based on the OUI. And do something
> similar for the DHCP option such as OS="x" based on the FINGERPRINT log, but
> I'd like to import the database once a month instead of modifying many
> extractors.

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
