[Bro] Links in SMTP round 2
JAzoff at albany.edu
Fri Nov 8 07:07:30 PST 2013
On Fri, Nov 08, 2013 at 07:25:07AM -0700, James Lay wrote:
> error in /usr/local/bro/share/bro/base/protocols/smtp/./main.bro, line 10: extension field must be &optional or have &default (SMTP::Info)
Yep.. you need to mark it as &optional like it says.
> error in ./testfiles/test.bro, line 12: syntax error, at end of file
You just need to handle that event and extract the links.
> I’m hoping the first error is because I haven’t defined the new field of smtp_http yet. As for the second, I’m not sure how to create that field. I’ve been looking heavily at http://www.bro.org/sphinx-git/frameworks/logging.html, but so far this is all I have. ANY help…tutorials…pointers…something would really save me some time. Thank you.
Here is a script that adds a field to the conn log, it does all the
things you need to do:
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro