[Bro] Customization for HTTP logs
omer security
omer007infosec at gmail.com
Thu Nov 21 04:23:06 PST 2013
Hi,
In order to be able to log more HTTP headers, I edited the file:
/bro/share/bro/base/protocols/http/main.bro (the edited file is attached to
this mail).
In addition to this file change I added log filter into
/bro/share/bro/site/local.bro file.
The log is created and most of fields logged well except the following
fields:
response_content_length
cookie
response_content_type
Can someone tell me what's wrong ?
Thanks,
Omer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131121/fafd098e/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: main.bro
Type: application/octet-stream
Size: 11436 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20131121/fafd098e/attachment.obj
More information about the Bro
mailing list