[Bro] IP address in addition to MAC and DHCP_host_name

Vikram Basu vikrambasu059 at gmail.com
Tue Aug 1 05:44:31 PDT 2017


Hi,

I saw that the known_devices.log has timestamp, mac address and dhcp_host_name. I want to add the assigned IP address field to this log as well.

I thought changing the known-devices-and-hostname.bro script in the following manner would add the field to the log. But it does not seem to work.

What am I doing wrong?

Regards

Vikram Basu

Known-devices-and-hostnames.bro
-------------------------------------------------

@load policy/misc/known-devices

module Known;

export {
	redef record DevicesInfo += {
		## The value of the DHCP host name option, if seen.
		dhcp_host_name:	string		&log &optional;
	};
}

event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string)
	{
	if ( msg$h_addr == "" )
		return;

	if ( msg$h_addr !in known_devices )
		{
		add known_devices[msg$h_addr];
		Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name, $assigned_ip=msg$yiaddr]);
		}
	}

event dhcp_inform(c: connection, msg: dhcp_msg, host_name: string)
	{
	if ( msg$h_addr == "" )
		return;

	if ( msg$h_addr !in known_devices )
		{
		add known_devices[msg$h_addr];
		Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name, $assigned_ip=msg$yiaddr]);
		}
	}
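
One way to get the address into known_devices.log, as an added example that is not part of the original post or of the Bro distribution: the record passed to Log::write can only carry fields that DevicesInfo declares, so assigned_ip is declared in the redef, and the entry is written from dhcp_ack, where yiaddr holds the address the server hands out. It assumes the Bro 2.5 DHCP event signatures and dhcp_msg fields (h_addr, ciaddr, yiaddr); the field name assigned_ip is taken from the post.

```bro
@load policy/misc/known-devices

module Known;

export {
	redef record DevicesInfo += {
		## The value of the DHCP host name option, if seen.
		dhcp_host_name: string &log &optional;
		## The address tied to the device by DHCP (name taken from the post).
		assigned_ip: addr &log &optional;
	};
}

# A client's DHCPREQUEST has no assigned address yet, so log on the
# server's ACK instead. Assumption: Bro 2.5 dhcp_ack signature.
event dhcp_ack(c: connection, msg: dhcp_msg, mask: subnet, router: dhcp_router_list, lease: interval, serv_addr: addr, host_name: string)
	{
	if ( msg$h_addr == "" || msg$h_addr in known_devices )
		return;

	add known_devices[msg$h_addr];
	Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr,
	                                $dhcp_host_name=host_name,
	                                $assigned_ip=msg$yiaddr]);
	}

# A DHCPINFORM client already has an address and reports it in ciaddr.
event dhcp_inform(c: connection, msg: dhcp_msg, host_name: string)
	{
	if ( msg$h_addr == "" || msg$h_addr in known_devices )
		return;

	add known_devices[msg$h_addr];
	Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr,
	                                $dhcp_host_name=host_name,
	                                $assigned_ip=msg$ciaddr]);
	}
```

Load this in place of a script that logs from dhcp_request; otherwise the request handler records the MAC first and the ACK handler never writes an entry for it.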