field value missing error

ps_sunu · May 13, 2016, 8:01pm

module Musers;

export {
redef enum Log::ID += { MUSER::LOG };

type Info: record {

ts: time &log;

id : conn_id &log &optional;

orig_user: string &log &optional;

resp_user: string &log &optional;
};

global log_muser: event(rec: Info);
}

redef record connection += {
muser: Info &optional;
};

global host_name_user: table[addr] of string &synchronized &write_expire=7day;
global host_name_user1: table[addr] of string &synchronized &write_expire=7day;

Create the Tor log stream and load the Tor list

event bro_init()
{
Log::create_stream(MUSER::LOG, [$columns=Info, $ev=log_muser]);

}

event KRB::log_krb (rec: KRB::Info)
{

host_name_user1[rec$id$orig_h] = rec$client;

}

event RADIUS::log_radius (rec: RADIUS::Info)

{

host_name_user[rec$id$orig_h] = rec$username;

}

function set_session(c: connection)
{
if ( ! c?$muser )
{
add c$service[“muser”];
c$muser = [$ts=network_time(),$id=c$id];
}
}

Function to convert blutmagie Tor flags from count to bool

#function convert_flag(flag: count): bool
#{
#if ( flag == 1 )

return T;

#else return F;
#}

Function to set data in the Tor info record

Check each new connection for an IP address in the Tor list

event new_connection(c: connection )
{

set_session(c);

if ( c$id$orig_h in Musers::host_name_user )
c$muser$orig_user = Musers::host_name_user[c$id$orig_h];

if ( c$id$resp_h in Musers::host_name_user )
c$muser$resp_user = Musers::host_name_user[c$id$resp_h];

if ( c$id$orig_h in Musers::host_name_user1 )

#local mist120 = host_name_user1[c$id$orig_h];
{
if ( host_name_user1[c$id$orig_h] == /^([A-Za-z0-9._.-]+)([/])([\da-zA-Z.-]+).([a-zA-Z.]{2,6})$/ )
{

print fmt (“orig”);

c$muser$orig_user = Musers::host_name_user1[c$id$orig_h];

}

if ( c$id$resp_h in Musers::host_name_user1 )

#local mist130 = host_name_user1[c$id$resp_h];

if ( host_name_user1[c$id$resp_h] ==/^([A-Za-z0-9._.-]+)([/])([\da-zA-Z.-]+).([a-zA-Z.]{2,6})$/ )
{

print fmt (“resp”);
c$muser$resp_user = Musers::host_name_user1[c$id$resp_h];

}

event connection_state_remove(c: connection)
{
if ( c?$muser )
{
Log::write(MUSER::LOG, c$muser);
}
}

This is my sample code, while running this i am getting below error

virtual-machine:~/Newlogs$ sudo bro -C contrained-delegation/Krb-contrained-delegation.cap Musers.bro
orig
1139998844.531337 expression error in ./Musers.bro, line 51: field value missing [Musers::rec$client]

that error line no 51 is marked as red ,any problem in this code ?

Regards,
Sunu

Azoff_Justin_S · May 13, 2016, 8:18pm

client is an optional field, you need to wrap that statement with a

if(rec?$client) { }

ps_sunu · May 13, 2016, 8:51pm

Ya solved Thank you

Topic		Replies	Views
Field value missing Zeek	5	204	May 6, 2022
Field renaming Zeek	5	137	May 6, 2022
field value missing [rec$seen$where] error Zeek	2	81	May 6, 2022
Problem adding a field from http.log to the xss.log Zeek	2	113	May 6, 2022
auth_bruteforcing.bro error Zeek	5	89	May 6, 2022