[Bro-Dev] New http scripts
gregor at icir.org
Tue Aug 16 22:21:47 PDT 2011
quick question. For the new http scripts, after logging a request in
http_message_done, should the c$http record be deleted and re-populated?
Otherwise if the new request that gets logged only fills part of these
fields, the ones from the previous request will be filled out and thus
get logged twice.
(Don't know whether that's an issue for other protocols as well)
event http_message_done(c: connection, is_orig: bool, stat:
http_message_stat) &priority = -5
# The reply body is done so we're ready to log.
if ( ! is_orig )
<gregor at icir.org> <gregor at icsi.berkeley.edu>
Int. Computer Science Institute (ICSI)
1947 Center St., Ste. 600
Berkeley, CA 94704, USA
More information about the bro-dev