[Bro] More connection info in Software::Info?
n.siow at wustl.edu
Tue Oct 1 07:42:39 PDT 2013
Hey, had a quick question about the connection information in the
From what I can see in the source code / manual there seems to be only one
side of the connection represented (only "host" and "host_p").
For what we are trying to do, we want the full connection to be logged.
Just like how HTTP, for example, records the originating / responding host / port.
Since the Software::found function seems to take a connection as a
parameter, would it be possible to pull c$id$orig_h, c$id$orig_p,
c$id$resp_h, and c$id$resp_p fields out and log all of them? Or is there
some limitation that prevents those fields from being accessed / logged?