[Bro] dhcp_host_name field

ps sunu pssunu6 at gmail.com
Tue Apr 11 05:21:28 PDT 2017


Hi,
         I need to copy  "host_name" output into  dhcp.log
"dhcp_host_name " below my script  please help me

http://try.bro.org/#/trybro/saved/137433

my script

##! Tracks MAC address with hostnames seen in DHCP traffic. They are logged
into
##! ``devices.log``.

@load policy/misc/known-devices

module Known;

export {
redef record DHCP::Info += {
        ## The value of the DHCP host name option, if seen.
        dhcp_host_name:    string        &log &optional;
    };
}

event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr:
addr, host_name: string)
    {




    if ( host_name != "" )
        if (c?$dhcp)
        {
c$dhcp$dhcp_host_name = host_name;
}
# c$dhcp = info;
    #print host_name;
    #print c$dhcp$dhcp_host_name;

    #print c$dhcp;


    #    Log::write(Known::DEVICES_LOG, [$ts=network_time(),
$mac=msg$h_addr, $dhcp_host_name=host_name]);

    }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170411/15d62edf/attachment.html 


More information about the Bro mailing list