Change Zeek Sensor Name (and its database name in AC-Hunter)

By default we name a sensor “hostname__ipaddress”. If you want to force a name for a sensor, edit /etc/rita/agent.yaml on the Zeek sensor. Here are the commands to use as the file and its parent directory may not exist:

sudo mkdir -p /etc/rita
sudo vim /etc/rita/agent.yaml

Feel free to use any editor in place of vim, above. You’ll need to add a line to that file of this form:

Name: custom_sensor_name

The only characters you can use for the name are upper and lowercase letters, digits, the underscore, caret, plus and equals. The entire name needs to be 52 characters or less.
Here’s a sample:

sudo cat /etc/rita/agent.yaml
Name: zeek_sensor_A17

Direct Link to this FAQ Item: https://portal.activecountermeasures.com/support/faq/?Display_FAQ=851