Log entire payloads
Ruoming Pang
rpang at CS.Princeton.EDU
Fri Apr 23 07:41:16 PDT 2004
> I'd like to log http payloads for each connection seen on my network.
>
> In fact, I'd like to get something like :
> Src_IP;Dst_IP;Request_Payload;Reply_Payload
>
> but with entire payloads (not only URIs, but also banners...)
Hi, Yohann,
One possibility is to load the contents.bro script. It will write the
contents of every connection to two files (contents-*), one for each
direction. Note that it does writing for every connection, not just HTTP
ones. If you want the latter, you might want to adapt the script
accordingly.
Ruoming
More information about the Bro
mailing list