[Bro] Custom log file

Beyaz Şapka siberkartal at gmail.com
Tue Jan 3 10:53:24 PST 2017


Hi Justin,

The HTTP::log_http and Files::log_files based approach is working now.
https://pastebin.mozilla.org/8958232

But I came to that point with the trial-and-error method.
Here is the success story.
I should build the filename at the file_over_new_connection event.
I should update the filename with the extension in file_sniff and call the
extract, md5, and sha1 analyzers there.

I do not know why I need to extract the filename at the
file_over_new_connection method, but not in file_sniff or something else.
This script may work just for that sample; I need some guidance.

Thanks,

On Tue, Jan 3, 2017 at 6:26 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:

>
> > On Jan 2, 2017, at 2:58 PM, Beyaz Şapka <siberkartal at gmail.com> wrote:
> >
> > For this reason, I used HTTP::log_http and Files::log_files events.
> > I can get all values from that events except resp_h and resp_p.
> >
>
> Oh?  Those two fields are part of the `id` field in the HTTP::Info record.
>
> --
> - Justin Azoff
>
>
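The sequence the message describes, written out as an added example script (this is not the poster's pastebin script and is not part of the original thread): derive a base filename from the HTTP request URI in file_over_new_connection, which is the only one of the two events that hands you the connection record, append an extension in file_sniff once the MIME type has been sniffed, and only then attach the extract, MD5 and SHA1 analyzers so the extracted copy is written under the final name. The ext_map table, the FileNaming module name and the fuid prefix on the name are assumptions made here; the script targets the Bro 2.5 Files framework API.

```bro
# Added example, not the poster's script: name HTTP-delivered files from the
# request URI, refine the name once the MIME type is known, then extract and
# hash them.  Written against the Bro 2.5 Files framework.
@load base/protocols/http
@load base/files/extract
@load base/files/hash

module FileNaming;

export {
    # Assumed mapping from sniffed MIME type to file extension (constructed
    # for this example; extend via redef).
    const ext_map: table[string] of string = {
        ["application/x-dosexec"] = "exe",
        ["application/pdf"]       = "pdf",
        ["application/zip"]       = "zip",
    } &redef;
}

# Step 1: this is the event that hands us the connection record, so it is
# the only place the HTTP request URI (and c$id$resp_h / c$id$resp_p, the
# server side of the connection) is directly available for naming.
event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
    {
    if ( f$source != "HTTP" || ! c?$http || ! c$http?$uri )
        return;

    # Last path component of the URI with any query string removed.
    local path = sub(c$http$uri, /\?.*$/, "");
    local parts = split_string(path, /\//);
    local base = parts[|parts| - 1];
    if ( base == "" )
        base = "index";

    # Prefix the file id so two downloads with the same name cannot collide
    # or overwrite each other on disk.
    f$info$filename = fmt("%s-%s", f$id, base);
    }

# Step 2: the MIME type is only known after sniffing, so the extension is
# appended here, and the analyzers are attached only now so the extract
# analyzer sees the final filename.
event file_sniff(f: fa_file, meta: fa_metadata)
    {
    if ( ! f$info?$filename )
        return;

    if ( meta?$mime_type && meta$mime_type in ext_map )
        {
        local ext = ext_map[meta$mime_type];
        # Only add an extension when the URI did not already carry one.
        if ( strstr(f$info$filename, ".") == 0 )
            f$info$filename = fmt("%s.%s", f$info$filename, ext);
        }

    Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
                        [$extract_filename=f$info$filename]);
    Files::add_analyzer(f, Files::ANALYZER_MD5);
    Files::add_analyzer(f, Files::ANALYZER_SHA1);
    }
```

Run it against a capture with `bro -r sample.pcap filenaming.bro` (the script name is assumed); extracted copies land under FileExtract::prefix and the md5, sha1 and filename columns are filled in files.log, which is what a responder needs to match a dropped file against threat intel. Attaching the analyzers in file_sniff rather than in file_over_new_connection is deliberate: if the extract analyzer is added before the name is final, the file on disk is written under the earlier, extension-less name.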