files.log

ps_sunu · April 30, 2017, 5:36pm

Hi ,
This method can we add id into files.log

global myevent: event(f: fa_file, c: connection, is_orig: bool);

redef record Files::Info += {

tx_cc: string &log &optional;

#rx_cc: string &log &optional;

#tx_asn: count &log &optional;
#rx_asn: count &log &optional;
id: conn_id &log &optional;
};

event myevent(f: fa_file, c: connection, is_orig: bool) &priority = -10
{
if ( ! f?$info )
return;

f$info$id = c$id;

}

Regards,
Sunub

event bro_init()
{

event myevent( f: fa_file, c: connection, is_orig: bool);

}

event bro_done()
{
print “bro_done()”;
}

fatema_bannatwala · May 1, 2017, 7:24pm

Not sure what you would like to log extra in files.log, but files.log already has a conn_uids field as well as src and dest IPs.
conn id is a four tuple, and only things missing in files.log with regard to conn$id are ports (orig_p and resp_p), other then these
two fields files.log has pretty much everything you might be interested in.

Or, I might have mis-understood the question.

-Fatema.

Topic		Replies	Views
files.log need to add id [orig_h,p and resp_h,p] Zeek	1	56	May 6, 2022
Custom log file Zeek	4	62	May 6, 2022
Question about creating custom conn logs. Zeek	2	53	May 6, 2022
intel.log extra log Zeek	2	78	May 6, 2022
Bro Log Filename Question Zeek	3	53	May 6, 2022

files.log

tx_cc: string &log &optional;

Related Topics