The bintotext module serves to convert binary data containing text to a list of lines. This is typically used to obtain text lines from a socket through the udp module. The latter returns raw packets of binary data.
The bintotext module is similar to the textfile module in that it returns text lines. While textfile is an input module that reads from files, named pipes and Unix sockets, bintotext takes input already obtained by another module (such as udp).
Configuration options
None.
Fields
The last field is .bintotext.line, available for further dissection; the dissection tag is .bintotext.tag. There is, in fact, no other field.
The .bintotext.tag field has a special status. If you decide to use bintotext by invoking the DISSECT directive in the configuration file orchids-inputs.conf, you will also give it a tag (a string rendition of the destination port number, if you dissect a udp source). This tag is replicated here as .bintotext.tag, so as to allow the output of bintotext to itself be dissected by further modules (such as syslog, for example).
| Field | Type | Mono? | Description |
|---|---|---|---|
.bintotext.tag |
str |
tag for further subdissection | |
.bintotext.line |
str |
current line |