Log entire payloads
Yohann Thomas
yohann.thomas at rd.francetelecom.com
Fri Apr 23 06:54:49 PDT 2004
Hi everybody !!!
I'd like to log http payloads for each connection seen on my network.
In fact, I'd like to get something like:
Src_IP;Dst_IP;Request_Payload;Reply_Payload
but with entire payloads (not only URIs, but also banners...)
At the moment, the only way I found to manage that is to load the
signature module and write a signature file using payload /.*/, in order
to get the payloads on signature_match events with the data string.
It works, but unfortunately, this solution is a bit heavy in terms of CPU
usage. There's probably a way to get these payloads using a built-in
function (and avoiding signatures module) ??? In fact, having a look at
the http-related modules, I can't find how I can handle this problem...
Anybody to help me ??? (or just to tell me it's not possible with
built-in functionalities... ;-( )
Yohann.