[Bro] Combining fields from http.log and files.log

Vikram Basu vikrambasu059 at gmail.com
Wed Aug 23 02:14:43 PDT 2017


Is it possible to create a combined log file which will have some fields from Bro’s http.log file and some from Bro’s files.log file, using the `fuid` field as the common field?

When I download a file using an HTTP connection, I get the name of the file in the http.log while the file size is present in the files.log.

How can I correlate the information into a single log file?


Vikram Basu
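
One way to do the join offline, as an added example that is not part of the original post and not Bro project code. It assumes Bro's default tab-separated log format and the default field names `resp_fuids`, `uri` and `host` in http.log and `fuid`, `mime_type` and `total_bytes` in files.log; http.log carries the file IDs as the vector `resp_fuids`, so one request can match several files.log rows. The sample log lines are constructed.

```python
# Constructed sample logs in Bro's TSV format; all values are made up.
HTTP_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tuid\thost\turi\tresp_fuids\n"
    "1503479683.1\tCabc1\texample.test\t/dl/report.pdf\tFaaa1\n"
    "1503479690.4\tCabc2\texample.test\t/multi\tFbbb2,Fccc3\n"
    "1503479699.9\tCabc3\texample.test\t/nofile\t-\n"
)
FILES_LOG = (
    "#separator \\x09\n"
    "#fields\tts\tfuid\tmime_type\ttotal_bytes\n"
    "1503479683.2\tFaaa1\tapplication/pdf\t48213\n"
    "1503479690.5\tFbbb2\ttext/html\t-\n"
    "1503479690.6\tFccc3\timage/png\t1024\n"
)

# Columns of the combined log (assumed selection; adjust to taste).
OUT_FIELDS = ["ts", "uid", "host", "uri", "fuid", "mime_type", "total_bytes"]

def read_bro_log(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def join_http_files(http_text, files_text):
    """Return one combined row per file seen in an HTTP response."""
    files = {rec["fuid"]: rec for rec in read_bro_log(files_text)}
    rows = []
    for http in read_bro_log(http_text):
        fuids = http.get("resp_fuids", "-")
        if fuids in ("-", "(empty)"):      # unset or empty vector: no file in the response
            continue
        for fuid in fuids.split(","):      # vector field; "," is the default set separator
            frec = files.get(fuid, {})     # may be missing if files.log was rotated separately
            row = {**http, **{k: v for k, v in frec.items() if k != "ts"}, "fuid": fuid}
            rows.append([row.get(name, "-") for name in OUT_FIELDS])
    return rows

def to_tsv(rows):
    """Render the combined rows with a Bro-style #fields header."""
    lines = ["#fields\t" + "\t".join(OUT_FIELDS)]
    lines += ["\t".join(r) for r in rows]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(to_tsv(join_http_files(HTTP_LOG, FILES_LOG)), end="")
```

Rows whose file ID has no files.log entry are kept with `-` in the file columns, so a gap in files.log shows up in the combined log.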