[Bro] Links in SMTP round 2

James Lay jlay at slave-tothe-box.net
Fri Nov 8 06:25:07 PST 2013

So here’s where I’m at:

event bro_init()
    local filter: Log::Filter = [$name="smtp-http", $path="smtp-http", $include=set("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "mailfrom", "rcptto", "date", "from", "to", "reply_to"
, "msg_id", "subject")];
    Log::add_filter(SMTP::LOG, filter);

redef record SMTP::Info += {
    smtp_http: string &log;

event mime_entity_data(c:connection, length: count, data:string)

My snags are:

error in /usr/local/bro/share/bro/base/protocols/smtp/./main.bro, line 10: extension field must be &optional or have &default (SMTP::Info)
error in ./testfiles/test.bro, line 12: syntax error, at end of file

I’m hoping the first error is because I haven’t defined the new field of smtp_http yet.  As for the second, I’m not sure how to create that field.  I’ve been looking heavily at http://www.bro.org/sphinx-git/frameworks/logging.html, but so far this is all I have.  ANY help…tutorials…pointers…something would really save me some time.  Thank you.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131108/ee41cf47/attachment.bin 

More information about the Bro mailing list