[Bro] adding output into intel.log
ps sunu
pssunu6 at gmail.com
Thu Jan 26 04:17:25 PST 2017
I need to write the if condition output into the intel.log category field,
which I have added to intel.log.
My latest code:
    @load frameworks/intel/seen

    export {
        # Read the intel file that sits next to this script.
        redef Intel::read_files += {
            fmt("%s/intel-1.dat", @DIR)
        };

        # Extra columns for intel.log.
        redef record Intel::Info += {
            category: string &optional &log;
            attribute: string &log &optional;
        };
    }

    # Print whether the match was seen in the HTTP Host header.
    event Intel::log_intel(rec: Intel::Info)
        {
        if ( rec$seen$where == HTTP::IN_HOST_HEADER )
            {
            print "True";
            }
        else
            {
            print "False ";
            }
        print "rec$seen$where is", rec$seen$where;
        }
I need the if condition's True string in the intel.log category field. Is it
possible?
http://try.bro.org/#/trybro/saved/118899
Regards,
Sunu
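
One way to do what the post asks, as an added example that is not part of the original message and not the Bro project's own code. It assumes Bro 2.5 or later, where the intel framework provides the Intel::extend_match hook, which is invoked for each match before the Intel::Info record is written to intel.log; the category field and the "True"/"False" values are taken from the post.

```bro
@load frameworks/intel/seen

# Extra intel.log column, as in the post.
redef record Intel::Info += {
	category: string &optional &log;
};

# Assumption: Bro >= 2.5. The hook receives the Info record that is about
# to be logged, the Seen record describing where the indicator was observed,
# and the set of intel items that matched. Fields set on `info` here end up
# in intel.log.
hook Intel::extend_match(info: Intel::Info, s: Intel::Seen, items: set[Intel::Item])
	{
	# Same test as the if condition in the post, stored instead of printed.
	if ( s$where == HTTP::IN_HOST_HEADER )
		info$category = "True";
	else
		info$category = "False";
	}
```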