[Bro] IP address in addition to MAC and DHCP_host_name
Adam Pumphrey
apumphrey at bricata.com
Wed Aug 2 16:02:23 PDT 2017
You also need to add the assigned_ip field to the DevicesInfo record redef statement.
From: <bro-bounces at bro.org> on behalf of Vikram Basu <vikrambasu059 at gmail.com>
Date: Tuesday, August 1, 2017 at 8:44 AM
To: "bro at bro.org" <bro at bro.org>
Subject: [Bro] IP address in addition to MAC and DHCP_host_name
Hi,
I saw that the known_devices.log has timestamp, mac address and dhcp_host_name. I want to add the assigned IP address field to this log as well.
I thought changing the known-devices-and-hostname.bro script in the following manner would add the field to the log. But it does not seem to work.
What am I doing wrong?
Regards
Vikram Basu
Known-devices-and-hostnames.bro
-------------------------------------------------
@load policy/misc/known-devices

module Known;

export {
	redef record DevicesInfo += {
		## The value of the DHCP host name option, if seen.
		dhcp_host_name: string &log &optional;
	};
}

event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string)
	{
	if ( msg$h_addr == "" )
		return;

	if ( msg$h_addr !in known_devices )
		{
		add known_devices[msg$h_addr];
		Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name, $assigned_ip=msg$yiaddr]);
		}
	}

event dhcp_inform(c: connection, msg: dhcp_msg, host_name: string)
	{
	if ( msg$h_addr == "" )
		return;

	if ( msg$h_addr !in known_devices )
		{
		add known_devices[msg$h_addr];
		Log::write(Known::DEVICES_LOG, [$ts=network_time(), $mac=msg$h_addr, $dhcp_host_name=host_name, $assigned_ip=msg$yiaddr]);
		}
	}
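
Added example, not part of the original thread or of the Bro distribution: the script above with assigned_ip declared in the DevicesInfo redef, as the reply describes. The helper name log_new_device and the check that skips an all-zero yiaddr are assumptions made for this sketch.

```bro
@load policy/misc/known-devices

module Known;

export {
	redef record DevicesInfo += {
		## The value of the DHCP host name option, if seen.
		dhcp_host_name: string &log &optional;
		## Declared here so that Log::write accepts $assigned_ip.
		assigned_ip: addr &log &optional;
	};
}

# Hypothetical helper shared by both handlers (not in the original script).
function log_new_device(msg: dhcp_msg, host_name: string)
	{
	if ( msg$h_addr == "" || msg$h_addr in known_devices )
		return;

	add known_devices[msg$h_addr];

	local info: DevicesInfo = [$ts=network_time(), $mac=msg$h_addr,
	                           $dhcp_host_name=host_name];

	# yiaddr is filled in by the DHCP server (RFC 2131). In messages sent
	# by the client it is normally 0.0.0.0, so leave the column unset then.
	if ( msg$yiaddr != 0.0.0.0 )
		info$assigned_ip = msg$yiaddr;

	Log::write(Known::DEVICES_LOG, info);
	}

event dhcp_request(c: connection, msg: dhcp_msg, req_addr: addr, serv_addr: addr, host_name: string)
	{
	log_new_device(msg, host_name);
	}

event dhcp_inform(c: connection, msg: dhcp_msg, host_name: string)
	{
	log_new_device(msg, host_name);
	}
```

Because each MAC address is written only the first time it is seen, a device first observed in a client request will have an empty assigned_ip column in known_devices.log.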