[Bro] Adding a human-readable timestamp field.
Justin Azoff
JAzoff at albany.edu
Wed Aug 7 10:48:34 PDT 2013
On Wed, Aug 07, 2013 at 12:07:03PM -0400, Dani Witherspoon wrote:
> event time_translate(c: connection, rec: HTTP::Info)
> {
> local format: string = "%F-%H-%M";
> c$http$human_time = strftime(format, rec$ts);
> }
>
You're right up to here. The problem is nothing will trigger the
time_translate event. You need to use one of the existing events that
will fire for http connections.
I would try:
    event HTTP::log_http(rec: HTTP::Info)
        {
        ..
        }
I believe that fires just before the entry is logged. If that doesn't
work, an event like connection_established or http_request would
definitely work.
--
-- Justin Azoff
-- Network Security & Performance Analyst
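
A complete script for the approach discussed in this thread, as an added example that is not part of the original message or of the Bro distribution. It assumes the field name human_time and the format string from the quoted script, and hooks http_request, one of the events named in the reply.

```bro
@load base/protocols/http

# Extend the HTTP log record with an extra column. &log writes it to
# http.log; &optional lets records without the field still be logged.
redef record HTTP::Info += {
    human_time: string &log &optional;
};

# http_request is one of the existing events named in the reply above.
# Assumption: the base HTTP script creates c$http (including $ts) in its own
# higher-priority http_request handler, so it is populated by the time
# this default-priority handler runs.
event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    if ( ! c?$http )
        return;

    # Same format string as the quoted script: date, hour, minute.
    c$http$human_time = strftime("%F-%H-%M", c$http$ts);
    }
```

Replies seen without a matching request never reach this handler, so their log entries leave the human_time column unset.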