[Bro] Custom log file

Beyaz Şapka siberkartal at gmail.com
Tue Jan 3 10:53:24 PST 2017

Hi Justin,

HTTP::log_http and Files::log_files based approach is working now.

But I came to that point with trial-and-error method.
Here is the success story.
I should build filename at the event file_over_new_connection .
I should update filename with the extension in the file_sniff and call
extract, md5, and sha1 analyzers in here.

I do not know why I need to extract filename at the
file_over_new_connection method, but not in file_sniff or something else.
This script may work just for that sample, I need some guidance.


On Tue, Jan 3, 2017 at 6:26 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:

> > On Jan 2, 2017, at 2:58 PM, Beyaz Şapka <siberkartal at gmail.com> wrote:
> >
> > For this reason, I used HTTP::log_http and Files::log_files events.
> > I can get all values from that events except resp_h and resp_p.
> >
> Oh?  Those two fields are part of the `id` field in the HTTP::Info record.
> --
> - Justin Azoff
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170103/4bd5f798/attachment-0001.html 

More information about the Bro mailing list