[Bro] Enforce hex encoding in log output

Jesse Bowling jessebowling at gmail.com
Mon Feb 11 20:38:44 PST 2013


So I wanted some Bro to capture the contents of HTTP POSTs, and found in
the archives that Seth had already written such a thing:

module HTTP;

export {
        ## The number of bytes that will be included in the http
        ## log from the client body.
        const post_body_limit = 1024;

        redef record Info += {
                post_body: string &log &optional;
        };

}

event http_entity_data(c: connection, is_orig: bool, length: count, data: string)
        {
        if ( is_orig )
                {
                if ( ! c$http?$post_body )
                        c$http$post_body = sub_bytes(data, 0, post_body_limit);
                else if ( |c$http$post_body| < post_body_limit )
                        c$http$post_body = string_cat(c$http$post_body,
                                sub_bytes(data, 0, post_body_limit-|c$http$post_body|));
                }
        }


So now my question is: in the output of the data, can we ensure that ALL
data is hex encoded, even if it's part of the ASCII character set? I need
to put this data into a feed, and not being able to count on a delimiter is
problematic...

Thanks,

Jesse

-- 
Jesse Bowling
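
Added example, not part of the original post or of Seth's script: one way to get a log field in which every byte is hex encoded is to encode the body in the script itself before it reaches the log writer. It assumes a Bro version that provides the bytestring_to_hexstr built-in; the names post_body_hex and post_body_hex_limit are hypothetical.

```bro
module HTTP;

export {
        ## Hypothetical name: maximum number of raw client-body bytes to keep.
        const post_body_hex_limit = 1024 &redef;

        redef record Info += {
                ## Hypothetical field: client body as hex, two characters per byte.
                post_body_hex: string &log &optional;
        };
}

event http_entity_data(c: connection, is_orig: bool, length: count, data: string)
        {
        if ( ! is_orig )
                return;

        # Raw bytes already stored: every byte occupies two hex characters.
        local have = c$http?$post_body_hex ? |c$http$post_body_hex| / 2 : 0;
        if ( have >= post_body_hex_limit )
                return;

        # Truncate the raw bytes first (sub_bytes positions start at 1), then
        # encode, so the cap applies to body bytes and not to hex characters.
        local chunk = bytestring_to_hexstr(sub_bytes(data, 1, post_body_hex_limit - have));

        if ( c$http?$post_body_hex )
                c$http$post_body_hex = string_cat(c$http$post_body_hex, chunk);
        else
                c$http$post_body_hex = chunk;
        }
```

The resulting field contains only the characters 0-9 and a-f, so no body byte can collide with the log's field separator, and a feed consumer recovers the original bytes by decoding pairs of hex digits.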