The bintotext module converts binary data containing text into a list of lines. It is typically used to obtain text lines from a socket through the udp module, which returns raw packets of binary data.
The bintotext module is similar to the textfile module in that it returns text lines. While textfile is an input module that reads from files, named pipes and Unix sockets, bintotext takes input already obtained by another module (such as
The last field is .bintotext.line, available for further dissection; the dissection tag is .bintotext.tag. There is, in fact, no other field.
The .bintotext.tag field has a special status. If you decide to use bintotext by invoking the DISSECT directive in the configuration file orchids-inputs.conf, you will also give it a tag (a string rendition of the destination port number, if you dissect a udp source). This tag is replicated here as .bintotext.tag, so that the output of bintotext can itself be dissected by further modules (such as syslog).
|tag for further subdissection
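The role of the tag described above, as an added Python sketch that is not Orchids code: each packet is split into lines, every line carries the destination port as a string tag, and the tag selects a further dissector. The line-splitting rules, the syslog_dissect helper, the SUBDISSECTORS table and the sample packet are assumptions made for illustration.

```python
# Added illustration: a model of the data flow, not Orchids source code.
# Assumed behaviour (not stated on the page): lines end at "\n", a trailing
# "\r" is dropped, and undecodable bytes are replaced rather than rejected.
import re

def bintotext(payload: bytes, tag: str):
    """Turn one binary packet into events carrying the two bintotext fields."""
    events = []
    for raw in payload.split(b"\n"):
        raw = raw.rstrip(b"\r")
        if not raw:          # skip empty pieces (e.g. after a final newline)
            continue
        events.append({".bintotext.tag": tag,
                       ".bintotext.line": raw.decode("utf-8", errors="replace")})
    return events

SYSLOG_PRI = re.compile(r"^<(\d{1,3})>(.*)$")

def syslog_dissect(line: str):
    """Hypothetical further dissector: split the <PRI> prefix of a syslog line."""
    m = SYSLOG_PRI.match(line)
    if m is None:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "msg": m.group(2)}

# Subdissection is keyed on the tag; "514" is the string form of the UDP port.
SUBDISSECTORS = {"514": syslog_dissect}

def process(dst_port: int, payload: bytes):
    tag = str(dst_port)      # string rendition of the destination port
    out = []
    for ev in bintotext(payload, tag):
        sub = SUBDISSECTORS.get(ev[".bintotext.tag"])
        out.append((ev, sub(ev[".bintotext.line"]) if sub else None))
    return out

# Constructed sample datagram: two syslog lines in one packet.
SAMPLE = b"<34>su: auth failure for root\r\n<13>cron: job started\n"

if __name__ == "__main__":
    for ev, parsed in process(514, SAMPLE):
        print(ev, parsed)
```

A single packet can yield several events, so any per-packet assumption in a downstream rule (one datagram, one log line) does not hold after this stage.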