Hi,
In order to be able to log more HTTP headers, I edited the file:
/bro/share/bro/base/protocols/http/main.bro (the edited file is attached to this mail).
In addition to this file change I added log filter into /bro/share/bro/site/local.bro file.
The log is created and most of fields logged well except the following fields:
response_content_length
cookie
response_content_type
|
- |
Can someone tell me what’s wrong ?
Thanks,
Omer
main.bro (11.2 KB)
In order to be able to log more HTTP headers, I edited the file:
/bro/share/bro/base/protocols/http/main.bro (the edited file is attached to this mail).In addition to this file change I added log filter into /bro/share/bro/site/local.bro file.
The log is created and most of fields logged well except the following fields:
response_content_length
cookie
response_content_typeCan someone tell me what's wrong ?
Are you sure that the server sends the header lines? As far as I remember all
of them are optional. At a first glance, it looks fine besides that - and if the
other things you added are working, these should too.
But - one other thing - you really should not edit script-files in base. If you ever
re-install bro, it will be overwritten without any warning or promoting you. Also - if
you ever update to a new version you will have to re-apply your changes manually.
Instead, you should extend the HTTP::Info record in a separate, new script-file and
also set the values in that new file by catching the http_header event.
Johanna