[Bro] Adding a human-readable timestamp field.
James Lay
jlay at slave-tothe-box.net
Wed Aug 7 10:02:20 PDT 2013
On 2013-08-07 10:07, Dani Witherspoon wrote:
> Hi all!
>
> Full disclosure: Im a bit of a bro-ginner, only been working with bro
> for about a month now.
>
> Im working on a bro script to add a human-readable timestamp field to
> my (http) logs, but Ive run into a bit of a pickle.
>
> Though my script checks out ("bro is ok!"), installs just fine, and
> even adds the appropriate field...every entry in the field column is
> unset! Im not sure where Ive gone astray , and I would appreciate any
> pointers.
>
> Ive included the text of my script below.
>
> Thank you!
> -Dani
>
> @load base/protocols/http
>
> module HTTP;
>
> export {
> redef record Info += {
> ## A human-readable timestamp
> human_time: string &log &optional;
> };
> }
>
> event time_translate(c: connection, rec: HTTP::Info)
> {
> local format: string = "%F-%H-%M";
> c$http$human_time = strftime(format, rec$ts);
> }
Seth,
I see a lot of these...any chance we could get a config feature request
that would default to human readable.
James
More information about the Bro
mailing list