I too have been using the app for some time and really appreciate it. How can we recommend a change this app? I would like to modify the auto sourcetyping in transforms.conf. Currently ,it does not account for log filename formats with underscore, i.e. smb_files.log. This puts files.log and smb_files.log in same sourcetype. The modbus_register_change.log is mapped to bro_change sourcetype. Current:  REGEX = (?:[a-zA-Z0-9]+\.)?([a-zA-Z0-9]+)\.log Recommended Change: One capture group with entire filename in current Bro/Zeek naming convention format. REGEX =([a-zA-Z0-9\_]+)\.log This will make all log filenames sourcetypes with bro_ appended to it. ... View more

Hi mcmaster, Does this parse Unified2 event_types, i.e. mpls_ID, vlan_ID, app_ID? Will it work with Python3? ... View more

Hi mcmaster, Will this work with Python3? Does it parse unified2 event_types, i.e. mpls, vlan, appid? ... View more