[Bro] files.log

fatema bannatwala fatema.bannatwala at gmail.com
Mon May 1 12:24:13 PDT 2017


Not sure what you would like to log extra in files.log, but files.log
already has a conn_uids field as well as src and dest IPs.
conn_id is a four-tuple, and the only things missing in files.log with regard
to conn$id are the ports (orig_p and resp_p); other than these
two fields, files.log has pretty much everything you might be interested in.

Or, I might have misunderstood the question. :)

-Fatema.

On Sun, Apr 30, 2017 at 1:36 PM, ps sunu <pssunu6 at gmail.com> wrote:

>
> Hi ,
>            This method can we add id into files.log
>
>
> global myevent: event(f: fa_file, c: connection, is_orig: bool);
>
> redef record Files::Info += {
>         # tx_cc: string &log &optional;
>         # rx_cc: string &log &optional;
>         # tx_asn: count &log &optional;
>         # rx_asn: count &log &optional;
>         # Full connection 4-tuple; &log expands it into id.orig_h,
>         # id.orig_p, id.resp_h and id.resp_p columns in files.log.
>         id: conn_id &log &optional;
> };
>
> event myevent(f: fa_file, c: connection, is_orig: bool) &priority = -10
> {
>         if ( ! f?$info )
>                 return;
>
>         f$info$id = c$id;
> }
>
> # Bro never raises myevent by itself, and bro_init has no file or
> # connection in scope. Raise it from the built-in
> # file_over_new_connection event, which carries the same parameters
> # and fires once a file has been associated with a connection.
> event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
> {
>         event myevent(f, c, is_orig);
> }
>
> event bro_done()
> {
>         print "bro_done()";
> }
>
> Regards,
> Sunub
>
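As an added example (not part of either message), a Python join that recovers the two fields Fatema notes files.log lacks, the ports, without changing any Bro script: each uid in a files.log conn_uids set is resolved against conn.log to get the full conn_id 4-tuple. The two log excerpts are constructed samples, not logs from the thread.

```python
# Constructed sample of a Bro conn.log and a files.log (tab-separated, cut down
# to the fields needed here); neither is taken from the mailing-list thread.
CONN_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring
1493580000.1\tCXWv6p3arKYeMETxOg\t10.0.0.5\t52314\t93.184.216.34\t80\ttcp\thttp
1493580001.2\tCHhAvVGS1DHFjwGM9\t10.0.0.7\t40122\t203.0.113.9\t443\ttcp\tssl
"""
FILES_LOG = """#separator \\x09
#fields\tts\tfuid\ttx_hosts\trx_hosts\tconn_uids\tsource\tmime_type
#types\ttime\tstring\tset[addr]\tset[addr]\tset[string]\tstring\tstring
1493580000.3\tFa1b2c3d4e5f\t93.184.216.34\t10.0.0.5\tCXWv6p3arKYeMETxOg\tHTTP\ttext/html
1493580001.5\tFz9y8x7w6v5u\t203.0.113.9\t10.0.0.7\tCHhAvVGS1DHFjwGM9,CUnknown000000\tSSL\tapplication/x-x509-ca-cert
"""


def parse_bro_log(text):
    """Parse a tab-separated Bro ASCII log into a list of dicts keyed by the
    names in the #fields header; other #-directives are skipped."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif not line or line.startswith("#"):
            continue
        elif fields is None:
            raise ValueError("data line before #fields header")
        else:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def join_files_to_conn(files_rows, conn_rows):
    """Resolve each uid in a files.log row's conn_uids (a comma-separated set)
    against conn.log, yielding the full conn_id 4-tuple including the ports
    files.log does not carry. A uid with no conn.log row maps to None so the
    gap stays visible instead of being silently dropped."""
    conn_by_uid = {c["uid"]: c for c in conn_rows}
    joined = []
    for f in files_rows:
        if f["conn_uids"] in ("-", "(empty)"):  # Bro's unset / empty-set markers
            continue
        for uid in f["conn_uids"].split(","):
            c = conn_by_uid.get(uid)
            conn_id = None if c is None else (
                c["id.orig_h"], int(c["id.orig_p"]), c["id.resp_h"], int(c["id.resp_p"]))
            joined.append({"fuid": f["fuid"], "uid": uid, "id": conn_id})
    return joined
```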