[Bro] unusual_http_methods.bro script error
fatema bannatwala
fatema.bannatwala at gmail.com
Mon Jan 23 17:19:55 PST 2017
Hi Sunu,
Quick look at your script, tells that you are using
c$http$cluster_client_ip,
but http record doesn't have any field name "cluster_client_ip".
I think what you want is c$id$orig_ip as the client ip, if that's what the
purpose of cluster_client_ip is.
Also, a great resource to test out your scripts is try to run them on
try.bro.org (great web interface written by Justin, where you can include
print statements like "print c$http; " in your scripts to check to see all
the fields of http record, and then use them accordingly).
Thanks,
Fatema.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170123/569162bb/attachment.html
More information about the Bro
mailing list