From 19d0537d51dec5510ff155ea5fec87298bbb6a18 Mon Sep 17 00:00:00 2001
From: Veronica Valeros
Date: Sun, 21 May 2023 12:14:20 +0200
Subject: [PATCH 1/2] Parse 'uids' column for dhcp.log
---
 zeek-files-labeler.py | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/zeek-files-labeler.py b/zeek-files-labeler.py
index ed71d7d..732a464 100755
--- a/zeek-files-labeler.py
+++ b/zeek-files-labeler.py
@@ -110,6 +110,7 @@ def define_columns(headerline, filetype):
  column_idx['detailedlabel'] = False
  column_idx['fingerprint'] = False
  column_idx['id'] = False
+ column_idx['uids'] = False
  try:
  if 'csv' in filetype or 'tab' in filetype:
@@ -186,6 +187,8 @@ def define_columns(headerline, filetype):
  column_idx['label'] = nline.index(field)
  elif 'fingerprint' in field.lower():
  column_idx['fingerprint'] = nline.index(field)
+ elif 'uids' in field.lower():
+ column_idx['uids'] = nline.index(field)
  elif 'id' in field.lower():
  column_idx['id'] = nline.index(field)
  elif 'json' in filetype:
From c6202080e5a7ca4bf4683fb08575360968af3b23 Mon Sep 17 00:00:00 2001
From: Veronica Valeros
Date: Sun, 21 May 2023 12:14:47 +0200
Subject: [PATCH 2/2] Improve read column values from the zeek line
---
 zeek-files-labeler.py | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/zeek-files-labeler.py b/zeek-files-labeler.py
index 732a464..88d3891 100755
--- a/zeek-files-labeler.py
+++ b/zeek-files-labeler.py
@@ -707,10 +707,12 @@ def process_zeekfolder():
  # Read column values from the zeek line
  try:
- if zeekfile_name != 'files.log':
- uid = line_values[column_idx['uid']]
- elif zeekfile_name == 'files.log':
+ if zeekfile_name == 'files.log':
  uid = line_values[column_idx['conn_uids']]
+ elif zeekfile_name == 'dhcp.log':
+ uid = line_values[column_idx['uids']]
+ else:
+ uid = line_values[column_idx['uid']]
  lines_labeled += 1
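Review bot: `column_idx['uids'] = False` uses a sentinel that is also a valid list index, since `False == 0`, so when a dhcp.log header has no `uids` column the lookup `line_values[column_idx['uids']]` added in the second patch's process_zeekfolder hunk silently reads column 0 instead of failing. The neighbouring `id`, `fingerprint` and `detailedlabel` entries follow the same convention, so this line inherits a pre-existing hazard rather than introducing it; switching the whole dictionary to `None`, which raises `TypeError` on indexing, would turn a mislabelled record into a visible error. If that is out of scope here, at least record it with `# False marks 'column absent'; beware False indexes as 0 — check before indexing`. define_columns continues outside the hunk.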
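Review bot: `elif 'uids' in field.lower():` is a substring test, so it also matches the files.log `conn_uids` header, and if an earlier branch in this chain tests `'uid' in field.lower()` (the chain starts outside the hunk, so I cannot see one) it would capture `uids` first and leave dhcp.log's column unset. An exact comparison avoids both directions: `elif field.lower() == 'uids':`. Placing the branch before `elif 'id' in field.lower():` is correct and necessary, because `'id' in 'uids'` is also true; a comment such as `# must precede the 'id' substring test, which also matches 'uids'` would make that ordering constraint explicit for the next edit.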