[netsa-tools-discuss] adding fields to SiLK
Davor Frkat
davor.frkat at tuwien.ac.at
Thu Feb 18 09:19:46 EST 2016
Dear SiLK enthusiasts,
(TL;DR) How to add fields like TTL to a SiLK record?
I am currently revising exercices for a network security course on
darkspace data and data analysis.
Until now we were using corsaro [1].
The problem is, that altough SiLK offers a lot, we are missing an field
which is required in the exercises - the TTL.
I was reading up, that there is a quick and dirty solution to rededicate
an unused field [2], which isn't difficult but quite tedious.
Also it is planned to add new fields in later releases:
"Unfortunately, th e answer to your question is that the current version
of SiLK supports a fixed set of fields, and adding new fields to the
core of SiLK is fairly involved.
The next major release of SiLK will support flexible file formats, and
adding additional fields to at that point should be d."
Is that still the case in the current release or did I miss something?
If yes, did somebody already add fields and could point to the needed
changes or share some code (e.g. not released git repo)?
Just want to make sure I don't duplicate the effort, in case there is an
existing solution.
Best regards,
Davor Frkat
[1] http://www.caida.org/tools/measurement/corsaro/
[2]
https://lists.sei.cmu.edu/pipermail/netsa-tools-discuss/2014-November/000037.html
--
Davor Frkat
Technische Universität Wien
Institute of Telecommunications
Gusshausstrasse 25/ E 389
AT-1040
http://www.tc.tuwien.ac.at
More information about the netsa-tools-discuss
mailing list