It's hard to answer if it's a good idea. It really depends on the desired
goal of your manager.
From a security perspective, I'd rather have that data on the conn log. You
can correlate the conn to the http traffic or any other protocol, but not
reduce the visibility by pinning it to a single protocol.
I would need to know more about the goals and you are always free to reach
out to me directly if you'd prefer.
Hope this helps.
On Tue, Dec 22, 2020 at 3:02 AM Robert Gabriel via zeek <zeek(a)lists.zeek.org>
My manager wants geolocation info in the http.log.
I have looked at several scripts and only see geolocation info in conn.log
and ssh.log etc.
Is it a sound idea to have geolocation info in the http.log?
zeek mailing list -- zeek(a)lists.zeek.org
To unsubscribe send an email to zeek-leave(a)lists.zeek.org
*Patrick Kelley, CISSP, C|EH, ITIL*
(o) (478) 309-CRIT (2748)
[image: facebook] <https://www.facebook.com/criticalpathsec/>
[image: twitter] <https://twitter.com/criticalpathsec>
[image: linkedin] <https://www.linkedin.com/company/critical-path-security/>