[Bro] http_request event

Shane Castle shane.castle at gmail.com
Tue May 6 06:59:12 PDT 2014

Hmm, yknow it's been a while since I messed around in Bro code, but I
*think* the reason might be 'cos the host field is not filled in at that
point in the processing. It looks like it's not til the header is being
processed that it gets a value, in the "event http_header" part of
http/main.bro. The IP addresses might have values, though.

Just out of curiosity, can you talk about what you are trying to
accomplish here? Are you modifying the main.bro script, or are you
adding to local.bro, or what?

Shane Castle

On 06.05.2014 14:56, Knick, Scott E CTR USARMY RCERT-EUR (US) wrote:
> Hello all,
> This is my first message to the mailing list. I was hoping someone could help me understand something regarding the HTTP module's http_request event. Specifically, I was hoping I could get access to the additional information added to the connection parameter by the HTTP module, but when the event is fired, my handler is unable to reference the information as it doesn't appear that it's there. The information I'm referring to is the following (from the bro/share/bro/base/protocols/httpd/main.bro file):
> # Add the http state tracking fields to the connection record.
> redef record connection += {
> 	http:        Info  &optional;
> 	http_state:  State &optional;
> };
> When I try to get to the http field's host field, I get a "field value missing [WebRequests::c$http$host]" error.
> Any thoughts?
> --
> Scott Knick
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list