[Bro-Dev] Support for HTTP body extraction of originator

Seth Hall seth at icir.org
Sun Apr 21 06:05:32 PDT 2013

On Apr 20, 2013, at 12:16 PM, Matthias Vallentin <vallentin at icir.org> wrote:

>  # Client body extraction is not currently supported in this script.
>  if ( is_orig )
>    return;
> Does anyone recall the reason for this?

Oversight on my part. :)

> Here's my suggestion: we'd introduce an enum that specifies the
> direction, e.g., ORIG, RESP, BOTH. Users can then decide what they'd
> like to have recorded.

This is all being done through the file analysis framework now and is being abstracted there now.  The script you are having trouble with is being removed.


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

More information about the bro-dev mailing list