[Bro] http.log need conn.log filed
ps sunu
pssunu6 at gmail.com
Fri Nov 10 04:30:38 PST 2017
Hi,
I need to copy conn record proto field into http.log script
running but not htting the case my script
module TrackHTTP;
redef LogAscii::use_json=T;
redef record HTTP::Info += {
proto: transport_proto &optional &log;
};
event http_reply(c: connection, version: string, code: count, reason:
string) &priority= 10
{
{
print c$conn$proto;
c$http$proto = c$conn$proto;
}
# for ( id in c$conns ) {
# print f$conns;
# local c = c$conns[id];
#c$http$proto = c$conn$proto;
}
event http_message_done(c: connection, is_orig: bool, stat:
http_message_stat) &priority = 10
{
if (c?$http && c?$conn )
{
print c$conn$proto;
c$http$proto = c$conn$proto;
}
}
event http_request(c: connection, method: string, original_URI: string,
unescaped_URI: string, version: string) &priority=10
{
if (c?$conn)
{
print c$conn$proto;
c$http$proto = c$conn$proto;
}
}
Regards,
sunu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171110/ec2c7ffa/attachment.html
More information about the Bro
mailing list