Closed rsmmr closed 4 years ago
Because we are now using the UUID for identifying hosts, we have lost the ability to associate a readable hostname with the information we're logging.
I suggest we extend the host_new event to get the endpoint's self-reported hostname back in there, i.e.:
event ZeekAgent::host_new(peer_name: string, host_id: string, hostname: string, group_list: vector of string, zeek_agent_version: string, zeek_agent_edition: string)
Then on the framework side, we can maintain a mapping from UUID to hostnames and use that to log the names in addition to the UUIDs (I got a preliminary patch for that, just need the agent-side change to send the hostname).
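A sketch of the framework-side mapping described in this issue, as an added example that is not the preliminary patch mentioned above nor the project's own code. It assumes the extended `host_new` signature proposed here; `host_names`, `hostname_for` and the one-day expiry are hypothetical, and the event is declared locally only so the script parses on its own.

```zeek
module ZeekAgent;

export {
	# Proposed signature from this issue, with hostname as the third argument.
	# Declared here so the sketch is self-contained; drop this declaration
	# when the framework already provides the event.
	global host_new: event(peer_name: string, host_id: string, hostname: string,
	                       group_list: vector of string,
	                       zeek_agent_version: string, zeek_agent_edition: string);

	# Hypothetical helper: readable label for a host, falling back to the UUID.
	global hostname_for: function(host_id: string): string;
}

# UUID -> last self-reported hostname. The UUID stays the identity; the
# hostname is only a label. Expiry interval is an assumption.
global host_names: table[string] of string &read_expire=1 day;

function hostname_for(host_id: string): string
	{
	return host_id in host_names ? host_names[host_id] : host_id;
	}

event ZeekAgent::host_new(peer_name: string, host_id: string, hostname: string,
                          group_list: vector of string,
                          zeek_agent_version: string, zeek_agent_edition: string)
	{
	# The name comes from the endpoint itself, so escape non-printable
	# characters before it can reach a log line.
	local name = escape_string(hostname);

	# Two endpoints may report the same name, and one endpoint may change
	# its name; record the change instead of silently overwriting.
	if ( host_id in host_names && host_names[host_id] != name )
		Reporter::info(fmt("agent %s changed hostname: %s -> %s",
		                   host_id, host_names[host_id], name));

	host_names[host_id] = name;
	}
```

Log writers would then add `hostname_for(host_id)` as an extra column next to the UUID rather than replacing it.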