[Bro] Custom log file
siberkartal at gmail.com
Tue Jan 3 10:53:24 PST 2017
The HTTP::log_http and Files::log_files based approach is working now.
But I came to that point with a trial-and-error method.
Here is the success story.
I should build the filename at the event file_over_new_connection.
I should update the filename with the extension in file_sniff and call
the extract, md5, and sha1 analyzers there.
I do not know why I need to extract the filename at the
file_over_new_connection method, but not in file_sniff or something else.
This script may work just for that sample; I need some guidance.
On Tue, Jan 3, 2017 at 6:26 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> > On Jan 2, 2017, at 2:58 PM, Beyaz Şapka <siberkartal at gmail.com> wrote:
> > For this reason, I used HTTP::log_http and Files::log_files events.
> > I can get all values from those events except resp_h and resp_p.
> Oh? Those two fields are part of the `id` field in the HTTP::Info record.
> - Justin Azoff
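
The flow described in the message above, written out as an added example that is not the poster's script and not part of the original thread: the base filename is built in `file_over_new_connection`, the extension is appended in `file_sniff` where the extract, MD5 and SHA1 analyzers are attached, and `resp_h`/`resp_p` are read through the `id` field of `HTTP::Info`. The `DemoExtract` module, the `ext_map` and `base_names` tables and the filename layout are assumptions made for illustration.

```bro
@load base/protocols/http
@load base/files/extract
@load base/files/hash

# Added example; DemoExtract, ext_map and base_names are hypothetical names.
module DemoExtract;

export {
    # Constructed MIME type to extension map; unknown types fall back to "bin".
    const ext_map: table[string] of string = {
        ["application/x-dosexec"] = "exe",
        ["application/pdf"] = "pdf",
        ["text/html"] = "html",
    } &default="bin" &redef;
}

# Base name per file id, built while the connection record is in scope.
global base_names: table[string] of string &create_expire=5min;

event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
    {
    # Only the first connection carrying the file gets to name it.
    if ( f$id !in base_names )
        base_names[f$id] = fmt("%s-%s-%s", f$source, c$uid, f$id);
    }

event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( f$id !in base_names )
        return;

    # mime_type is optional: sniffing can fail on short or unknown content.
    local ext = meta?$mime_type ? ext_map[meta$mime_type] : "bin";
    local fname = fmt("%s.%s", base_names[f$id], ext);

    Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
    Files::add_analyzer(f, Files::ANALYZER_MD5);
    Files::add_analyzer(f, Files::ANALYZER_SHA1);
    delete base_names[f$id];
    }

event HTTP::log_http(rec: HTTP::Info)
    {
    # Responder address and port live inside the id (conn_id) record.
    print fmt("%s %s:%s", rec$uid, rec$id$resp_h, rec$id$resp_p);
    }
```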