[Bro] Adding a human-readable timestamp field.
Dani Witherspoon
punchpernickle at gmail.com
Wed Aug 7 09:07:03 PDT 2013
Hi all!
Full disclosure: I'm a bit of a bro-ginner, only been working with bro for
about a month now.
I'm working on a bro script to add a human-readable timestamp field to my
(http) logs, but I've run into a bit of a pickle.
Though my script checks out ("bro is ok!"), installs just fine, and even
adds the appropriate field...every entry in the field column is unset! I'm
not sure where I've gone astray, and I would appreciate any pointers.
I've included the text of my script below.
Thank you!
-Dani
@load base/protocols/http

module HTTP;

export {
    redef record Info += {
        ## A human-readable timestamp
        human_time: string &log &optional;
    };
}

event time_translate(c: connection, rec: HTTP::Info)
    {
    local format: string = "%F-%H-%M";
    c$http$human_time = strftime(format, rec$ts);
    }
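
An added example, not part of the original post: Bro runs an event handler only when that event is generated, and nothing in the script above generates time_translate, so the field is never assigned. One way to populate it is to set the field from events the HTTP analyzer does generate, at default priority so the handlers run after the base script has created c$http and before it writes the log record (assumed here to match Bro 2.x base/protocols/http); the names human_time_format and set_human_time are hypothetical.

```bro
@load base/protocols/http

module HTTP;

export {
    redef record Info += {
        ## A human-readable timestamp derived from ts.
        human_time: string &log &optional;
    };

    ## strftime() format used for human_time (hypothetical option name).
    const human_time_format = "%F-%H-%M" &redef;
}

# Hypothetical helper: fill in human_time once per HTTP::Info record.
function set_human_time(c: connection)
    {
    # c$http is only present once the base script has set up HTTP state.
    if ( ! c?$http )
        return;

    # Skip records that were already stamped by an earlier event.
    if ( c$http?$human_time )
        return;

    c$http$human_time = strftime(human_time_format, c$http$ts);
    }

# Generated by the HTTP analyzer for every request line.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    set_human_time(c);
    }

# Generated for every reply line; covers replies seen without a request.
event http_reply(c: connection, version: string, code: count, reason: string)
    {
    set_human_time(c);
    }
```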