[Bro] dhcp log

ps sunu pssunu6 at gmail.com
Mon Apr 10 10:41:10 PDT 2017


No print output, and it's blank.

dhcp.log

#open   2017-04-10-10-37-27
#fields ts      uid     id.orig_h       id.orig_p       id.resp_h       id.resp_p       mac     assigned_ip     lease_time      trans_id        orig_hostname   resp_hostname
#types  time    string  addr    port    addr    port    string  addr    interval        count   string  string
1491343946.444166       CHcwRb1IXBXBSql2Jk      255.255.255.255 68      10.16.80.1      67      4c:34:88:02:43:d3       255.255.255.255 0.000000        3620830950      -       -
1491343946.444199       CHcwRb1IXBXBSql2Jk      255.255.255.255 68      10.16.80.1      67      4c:34:88:02:43:d3       255.255.255.255 0.000000        3620830950      -       -


On Mon, Apr 10, 2017 at 9:43 PM, ps sunu <pssunu6 at gmail.com> wrote:

> No change, same output.
>
> On Mon, Apr 10, 2017 at 9:24 PM, fatema bannatwala <
> fatema.bannatwala at gmail.com> wrote:
>
>> Could you try the following in place of the original dhcp_ack event:
>>
>> event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string)
>> {
>>   local info: DHCP::Info;
>>   if ( c$dhcp$id$orig_h in TrackCONN::host_name_user1 )
>>   {
>>     info$orig_hostname = TrackCONN::host_name_user1[c$dhcp$id$orig_h];
>>     print host_name_user1[c$id$orig_h];
>>   }
>> }
>>
>>
>> On Mon, Apr 10, 2017 at 11:21 AM, ps sunu <pssunu6 at gmail.com> wrote:
>>
>>> Hi,
>>>        I created a Bro script which will record the "client" field and write
>>> it in dhcp.log. The problem: the recording part is working, but it's not
>>> writing into the dhcp file; it's creating orig_hostname but it is blank.
>>> Can anyone help me?
>>>
>>> Below is my script:
>>>
>>> module TrackCONN;
>>>
>>> export {
>>>   global host_name_user1: table[addr] of string &synchronized &write_expire=7day;
>>>
>>>   redef record DHCP::Info += {
>>>     orig_hostname: string &log &optional; # take from dhcp hostname and kerberos host
>>>   };
>>> }
>>>
>>> event KRB::log_krb (rec: KRB::Info)
>>> {
>>>   if(rec?$client) {
>>>     host_name_user1[rec$id$orig_h] = rec$client;
>>>     #print host_name_user1[rec$id$orig_h];
>>>   }
>>> }
>>>
>>>
>>> Regards,
>>>
>>> Sunu
>>>
>>>
>>> event dhcp_ack(c: connection, msg: dhcp_msg, mask: addr, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string)
>>> {
>>>
>>> if ( c$dhcp$id$orig_h in TrackCONN::host_name_user1 )
>>>     c$dhcp$orig_hostname = TrackCONN::host_name_user1[c$dhcp$id$orig_h];
>>>     print host_name_user1[c$id$orig_h];
>>> }
>>>
>>>
>>>
>>>
>>
>
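
The dhcp.log rows at the top of this message show id.orig_h as 255.255.255.255, while the script's table is keyed by the Kerberos client address (rec$id$orig_h). The following is an added example, not part of the thread: it parses such rows and reports whether the originator address is one an addr-keyed table could contain. The second log row, the table contents and the function names are constructed for illustration.

```python
import ipaddress

HEADER = ("#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmac\t"
          "assigned_ip\tlease_time\ttrans_id\torig_hostname\tresp_hostname")
# First row is copied from the dhcp.log above; the second row is constructed
# (hypothetical unicast client) to show the contrasting case.
SAMPLE_LOG = "\n".join([
    HEADER,
    "1491343946.444166\tCHcwRb1IXBXBSql2Jk\t255.255.255.255\t68\t10.16.80.1\t67\t"
    "4c:34:88:02:43:d3\t255.255.255.255\t0.000000\t3620830950\t-\t-",
    "1491343950.000000\tCconstructed000001\t10.16.80.25\t68\t10.16.80.1\t67\t"
    "00:00:5e:00:53:01\t10.16.80.25\t3600.000000\t1\t-\t-",
])
# Constructed stand-in for TrackCONN::host_name_user1, which the script fills
# from KRB::log_krb (Kerberos client address -> client name).
KRB_TABLE = {"10.16.80.25": "user1/EXAMPLE.TEST"}
BROADCAST = ipaddress.ip_address("255.255.255.255")

def parse_bro_log(text):
    """Yield one dict per record, named by the #fields header line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def is_host_address(value):
    """True when value is an address a single host could own."""
    ip = ipaddress.ip_address(value)
    return not (ip == BROADCAST or ip.is_unspecified or ip.is_multicast)

def audit(text, table):
    """Return (uid, id.orig_h, verdict) for every record in the log text."""
    results = []
    for rec in parse_bro_log(text):
        key = rec["id.orig_h"]
        if not is_host_address(key):
            verdict = "unmatchable"  # broadcast/unspecified: not a Kerberos client address
        elif key in table:
            verdict = "match:" + table[key]
        else:
            verdict = "no entry"
        results.append((rec["uid"], key, verdict))
    return results

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG, KRB_TABLE):
        print("\t".join(row))
```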