[Zeek] Raw HTTP Headers

Seth Hall seth at corelight.com
Thu Aug 29 05:36:24 PDT 2019


Aw!  Sorry to hear that.  It's equally frustrating for us when people 
run into problems that can't be fixed merely with scripts.  Hopefully in 
the future we'll have a better solution for you.  Hopefully you can 
figure out a different approach or some other script for the contest!

   .Seth

On 27 Aug 2019, at 22:01, Andrew Klaus wrote:

> Thanks Seth!
>
> I was hoping to have a new Zeek script written for the Zeek contest,
> but it doesn't look like modules that need source code modifications
> will be considered.
>
> Andrew
>
> On Tue, Aug 27, 2019 at 7:02 PM Seth Hall <seth at corelight.com> wrote:
>
>> I believe that this isn't available since (as you already
>> discovered), the analyzer strips whitespace.  The only option would
>> be to modify the analyzer or write a new one.
>>
>>    .Seth
>>
>> On 25 Aug 2019, at 0:32, Andrew Klaus wrote:
>>
>>> Hello,
>>>
>>> I'd like to write a script for HTTP requests, but I need the raw and
>>> untruncated headers to do this. I can't seem to find an event that
>>> will give me this data to work with. I've looked at http_all_headers
>>> and http_header, but they still strip whitespace.
>>>
>>> Is there any (current) way of doing this? It'd be nice to be able to
>>> do this without having to modify the analyzer.
>>>
>>> Thanks!
>>> Andrew
>>
>> --
>> Seth Hall * Corelight, Inc * www.corelight.com
>>

--
Seth Hall * Corelight, Inc * www.corelight.com
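
The whitespace that the thread says is lost before http_header and http_all_headers deliver their values, shown as an added example (not part of the original thread and not Zeek code): a Python sketch that reads raw request bytes and records what a stripped view discards. The sample request and all function names are constructed, and modelling "stripped" as trimming spaces and tabs is an assumption.

```python
# Constructed sample request (not captured traffic); note the irregular
# spacing around the colons and the trailing whitespace.
RAW_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host:example.test\r\n"
    b"User-Agent:   probe/1.0  \r\n"
    b"Accept : */*\r\n"
    b"X-Trace:\tabc\r\n"
    b"\r\n"
)

WS = b" \t"  # assumption: "whitespace" here means space and horizontal tab


def raw_headers(request: bytes):
    """Yield (name, value) for each header line exactly as sent on the wire."""
    head, _, _ = request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(b":")
        if sep:                                # ignore lines without a colon
            yield name, value


def whitespace_profile(request: bytes):
    """Pair each stripped header with the whitespace that stripping removed."""
    rows = []
    for name, value in raw_headers(request):
        s_name, s_value = name.strip(WS), value.strip(WS)
        rows.append({
            "name": s_name.decode("latin-1"),
            "stripped_value": s_value.decode("latin-1"),
            # bytes removed from the front and back of the value
            "lead_ws": value[: len(value) - len(value.lstrip(WS))],
            "trail_ws": value[len(value.rstrip(WS)):],
            # True when the field name itself carried padding
            "name_ws": name != s_name,
        })
    return rows


if __name__ == "__main__":
    for row in whitespace_profile(RAW_REQUEST):
        print(row)
```
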

