Customization for HTTP logs

Hi,

In order to be able to log more HTTP headers, I edited the file:
/bro/share/bro/base/protocols/http/main.bro (the edited file is attached to this mail).

In addition to this file change I added log filter into /bro/share/bro/site/local.bro file.

The log is created and most of fields logged well except the following fields:

response_content_length
cookie
response_content_type

Can someone tell me what’s wrong ?

Thanks,

Omer

main.bro (11.2 KB)

In order to be able to log more HTTP headers, I edited the file:
/bro/share/bro/base/protocols/http/main.bro (the edited file is attached to this mail).

In addition to this file change I added log filter into /bro/share/bro/site/local.bro file.

The log is created and most of fields logged well except the following fields:
response_content_length
cookie
response_content_type

Can someone tell me what's wrong ?

Are you sure that the server sends the header lines? As far as I remember all
of them are optional. At a first glance, it looks fine besides that - and if the
other things you added are working, these should too.

But - one other thing - you really should not edit script-files in base. If you ever
re-install bro, it will be overwritten without any warning or promoting you. Also - if
you ever update to a new version you will have to re-apply your changes manually.

Instead, you should extend the HTTP::Info record in a separate, new script-file and
also set the values in that new file by catching the http_header event.

Johanna