Determining bro version from conn.log file

Question

Is there any way to determine the current bro version from the conn.log file?

I have an application that parses conn.logs and I don't currently see anything in the header that details a version number

Answer 1

If your logs are in TSV format, the header information provides a schema:

#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   conn
#open   2018-07-30-17-02-19
#fields ts      uid     id.orig_h       id.orig_p       id.resp_h       id.resp_p       proto   serviceduration        orig_bytes      resp_bytes      conn_state      local_orig      local_resp      missed_bytes   history orig_pkts       orig_ip_bytes   resp_pkts       resp_ip_bytes   tunnel_parents
#types  time    string  addr    port    addr    port    enum    string  interval        count   count string   bool    bool    count   string  count   count   count   count   set[string]

In JSON, no such header or schema currently exists. I would suggest basing your processing on known fields and their types, e.g. based on the TSV output.