[Bro] conn. uid

Dk Jack dnj0496 at gmail.com
Wed Jan 24 17:18:00 PST 2018


Hi,
I am trying to include the uid that's shown in conn.log in the log messages
I generate from my plugin. I want to do this so that I can correlate my log
messages to the other log lines generated in the other logs. After looking
into the bro code a little, I came up with the following based on
EncapsulatingConn::EncapsulatingConn (src/TunnelEncapsulation.cc):

  Bro::UID uid = c->GetUID();
  if (!uid) {
    uid.Set(bits_per_uid);
    c->SetUID(uid);
    uid = c->GetUID();
  }
  std::string uid_str = uid.Base62("C");

My plugin is based on tcp::TCP_ApplicationAnalyzer; 'c' is of type
'Connection'. Things seem to be working OK. I am getting a uid that looks
similar to what I see in conn.log. However, there is one thing that's a bit
puzzling. Not all the UIDs that show up in my log are present in the
conn.log. What could be the reason for this? Would appreciate any insight
into this. Thanks.

Dk.