This package adds the _interface field to Zeek logs to indicate which
interface generated a log entry. By default the field is only added to
the conn.log. For further configuration, the following options are
available:
| Option | Default Value | Description |
|---|---|---|
enable_all_logs: bool |
F |
Enables interfaces for all active streams |
exclude_logs: set[Log::ID] |
{ } |
Streams not to add interfaces for |
include_logs: set[Log::ID] |
{ Conn::LOG } |
Streams to add interfaces for |
If Zeek is not executed in cluster mode, the field is not added.