[Zeek] Generate New Log using Customized Script
Justin Azoff
justin at corelight.com
Wed May 29 17:01:31 PDT 2019
On Thu, May 23, 2019 at 10:12 PM Muhammad Hasif Sulaiman <
hasifsulaiman94 at gmail.com> wrote:
> Hi,
>
> I need help with some script i customized. Basically the script is to log
> http header. I don't want to mess the original http log, so i tried to
> create a new log file to log some field similar with the original http log
> along with the http header. I tested the script on http://try.bro.org and
> was able to execute the script, also I tested the script to analyze live
> traffic from an interface using "*bro -i en0 <list of scripts to load>*"
> command with success. But when i load the script on local.bro and restart
> bro service, the logger crashed. I'm not sure if the script is the cause or
> something else is.
>
on local.bro file i have included *@load protocols/http/httpheaders line*.
> The script is located
> */usr/src/bro-2.6.1/scripts/base/protocols/http/httpheaders.bro*
>
That all sounds reasonable to me.. how exactly was the logger crashing?
Were you getting script errors or was it segfaulting?
--
Justin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190529/3c60e9b1/attachment.html
More information about the Zeek
mailing list