[Bro] id into x509.log
Azoff, Justin S
jazoff at illinois.edu
Thu Apr 20 13:25:08 PDT 2017
> On Apr 20, 2017, at 4:11 PM, ps sunu <pssunu6 at gmail.com> wrote:
>
> Hi
>
> I need to write id into x509.log , but its giving error
>
> redef record X509::Info += {
> # tx_cc: string &log &optional;
> #rx_cc: string &log &optional;
>
> #tx_asn: count &log &optional;
> #rx_asn: count &log &optional;
> id: conn_id &log &optional;
> };
> event file_state_remove(f: fa_file) &priority=5
> {
> if ( ! f$info?$x509 )
> return;
>
> f$info$x509 = f$id;
> }
>
x509 info record already has an id field:
## File id of this certificate.
id: string &log;
and you're trying to assign the entire record to f$id instead of a particular field.
Maybe you mean something like this:
redef record X509::Info += {
conn_id: conn_id &log &optional;
};
event file_state_remove(f: fa_file) &priority=5
{
if ( ! f$info?$x509 )
return;
# Assume this file only has one connection
for ( id in f$conns )
local c = f$conns[id];
f$info$x509$conn_id = c$id;
}
--
- Justin Azoff
More information about the Bro
mailing list