Dear Sebastian,
> Is the IP part of the message or is it a mapping needed?
test-file-collector (192.0.2.0-192.0.2.255) ----------> test-message-expert (192.0.2.10) ---> test-tcp-output
No, the idea is that the expert bot makes ip range correlation with interface (REST GET) from extern server.
example
192.0.2.10 = Get_IP4RANGE_FROM_SEVER ("192.0.2.0-192.0.2.255")
I would like to set the IP runtime parameter (192.0.2.10) of the TCP-output bot "test-tcp-output".
I honestly did not understand how to implement this with filters.
Regards Majid
From: Sebastian Wagner [mailto:wagner@cert.at]
Sent: Donnerstag, 5. Juli 2018 16:10
To: Salehi Ghamsari, Majid <majid.salehi.ghamsari@fokus.fraunhofer.de>; intelmq-dev@lists.cert.at
Subject: Re: [Intelmq-dev] changing bot runtime parameter
Hi,
On 2018-07-05 14:56, Salehi Ghamsari, Majid wrote:
I would like to put or change the IP runtime parameter of the TCP output bot “test-tcp-output” depends on Message that I get from file-collector in the runtime.
What is the best method to do this in intelmq?
Is the IP part of the message or is a mapping needed?
Are the IPs fixed and is the number of them small? Then you can use filters and different output bots, the explicit way.
Sebastian
--
// Sebastian Wagner <wagner@cert.at> - T: +43 1 5056416 7201
// CERT Austria - https://www.cert.at/
// Eine Initiative der nic.at GmbH - https://www.nic.at/
// Firmenbuchnummer 172568b, LG Salzburg