[Bro] dhcp log
fatema bannatwala
fatema.bannatwala at gmail.com
Mon Apr 10 08:54:42 PDT 2017
Could you try the following in place of the original dhcp_ack event:
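# Copy the Kerberos client name recorded for this address into the DHCP log
# record, so that it is written out in the orig_hostname column of dhcp.log.
#
# The value has to be set on c$dhcp. A freshly declared local DHCP::Info is
# discarded when the handler returns and never reaches the log, which leaves
# the column blank.
#
# NOTE(review): this assumes the handler runs after c$dhcp has been populated
# and before the record is written -- confirm the handler priorities against
# the DHCP base script in use.
event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list,
               lease: interval, serv_addr: addr, host_name: string)
	{
	# Nothing to annotate if no DHCP record is attached to the connection.
	if ( ! c?$dhcp )
		return;

	# NOTE(review): for an initial lease the originator address may not be
	# the address the client ends up with, in which case this lookup never
	# matches; c$dhcp$assigned_ip may be the better key -- confirm.
	local client_ip = c$dhcp$id$orig_h;

	if ( client_ip in TrackCONN::host_name_user1 )
		{
		# Entries in host_name_user1 are declared with &write_expire=7day, so
		# an address that was re-leased to another host within that window
		# can still carry the previous client name. Treat orig_hostname as a
		# hint for attribution, not as proof of identity.
		c$dhcp$orig_hostname = TrackCONN::host_name_user1[client_ip];

		# Debug output; kept inside the membership check so that a missing
		# key is never indexed.
		print TrackCONN::host_name_user1[client_ip];
		}
	}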
On Mon, Apr 10, 2017 at 11:21 AM, ps sunu <pssunu6 at gmail.com> wrote:
> Hi,
> I created a Bro script that records the "client" field and should write it to
> dhcp.log. The recording part works, but the value is not written into the
> dhcp file: the orig_hostname column is created but stays blank. Can anyone help me?
>
> below my script
>
> module TrackCONN;
>
>
> export {
> global host_name_user1: table[addr] of string &synchronized &write_expire=7day;
>
>
> redef record DHCP::Info += {
>
> orig_hostname: string &log &optional; # take from dhcp hostname and kerberos host
>
>
> };
> }
>
>
> event KRB::log_krb (rec: KRB::Info)
> {
> if(rec?$client) {
> host_name_user1[rec$id$orig_h] = rec$client;
> #print host_name_user1[rec$id$orig_h];
> }
>
>
>
> }
>
>
> Regards,
>
> Sunu
>
>
> event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string)
> {
>
> if ( c$dhcp$id$orig_h in TrackCONN::host_name_user1 )
> c$dhcp$orig_hostname = TrackCONN::host_name_user1[c$dhcp$id$orig_h];
> print host_name_user1[c$id$orig_h];
> }
>
>
>
>