[Bro] &log cert_chain attribute (vector of Files::info) in ssl.log file

Robert Harrelson bobharrelsons at gmail.com
Tue Mar 28 10:33:51 PDT 2017


&log cert_chain attribute (vector of Files::info) in ssl.log file.

I would like to list the server's chain of certificates in ssl.log (log of
handshake data) alongside each handshake.

In ssl.log, the cert_chain attribute (certificate chain of the server) is
not being logged, and is of type *vector of **Files::info*. When I tried to
add "&log" attribute to cert_chain in files.bro, it gave an error that:

".... cert_chain is of type that cannot be logged."

When I tried changing the type from *vector of Files::info* to *vector of
string*, it sprang up some different errors since cert_chain is referenced
as a *vector of Files::info* in other parts of files.bro script.

Please tell me how I can log the cert_chain attribute in ssl.log file.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170328/bed0e745/attachment.html 


More information about the Bro mailing list