[Bro] adding output into intel.log

ps sunu pssunu6 at gmail.com
Thu Jan 26 04:17:25 PST 2017

 i need to write the  if condition output into Intel.log  category field
which i have added in intel.log

my latest code

@load frameworks/intel/seen

export {

redef Intel::read_files += {
fmt("%s/intel-1.dat", @DIR)

redef record Intel::Info += {
    category: string &optional &log;
    attribute: string &log &optional;


event Intel::log_intel (rec: Intel::Info)

    if ( rec$seen$where == HTTP::IN_HOST_HEADER )
print "True";
     print "False ";
    print "rec$seen$where is", rec$seen$where;


       I need if condition True string into intel.log category field its
possible   ?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170126/0df6e4e2/attachment.html 

More information about the Bro mailing list