Add VLAN tags to all Zeek logs
This script adds VLAN tags to all of the Zeek logs that have the
zkg refresh zkg install corelight/log-add-vlan-everywhere
All Zeek logs that contain connection information with the
should have fields that indicate VLAN tags (named
Potential Side Effects
There are potential side effects from loading this script if another script
is indexing tables based on the
c$id field. This generally is not done
in most modern scripts and is not done in the core Zeek distribution anywhere.
This script tries to avoid potential trouble with this indexing issue by
only grabbing the VLAN information from the
event because any other script that uses
c$id for indexing would probably
always get the value that was collected already anyway.
If you think that this script is impacting any other script please reach out
to us at email@example.com and let us know what script you think it might be impacting.
Nate Guagenti @neu5ron Seth Hall <firstname.lastname@example.org>