[Bro] id into x509.log

Azoff, Justin S jazoff at illinois.edu
Thu Apr 20 13:25:08 PDT 2017


> On Apr 20, 2017, at 4:11 PM, ps sunu <pssunu6 at gmail.com> wrote:
> 
> Hi 
> 
>                 I need to write id into x509.log  , but its giving error
> 
> redef record X509::Info += {
> #       tx_cc: string &log &optional;
>         #rx_cc: string &log &optional;
> 
>        #tx_asn: count &log &optional;
>         #rx_asn: count &log &optional;
>         id: conn_id &log &optional;
> };
> event file_state_remove(f: fa_file) &priority=5
>         {
>         if ( ! f$info?$x509 )
>                 return;
> 
>          f$info$x509 = f$id;
>         }
> 

x509 info record already has an id field:

        ## File id of this certificate.
        id: string &log;

and you're trying to assign the entire record to f$id instead of a particular field.

Maybe you mean something like this:


redef record X509::Info += {
    conn_id: conn_id &log &optional;
};

event file_state_remove(f: fa_file) &priority=5
    {
    if ( ! f$info?$x509 )
        return;

    # Assume this file only has one connection
    for ( id in f$conns )
        local c = f$conns[id];
        f$info$x509$conn_id = c$id;
    }



-- 
- Justin Azoff




More information about the Bro mailing list