Hi everyone,
Some time ago I dumped several log files using Bro. I used the
script in the attachment. Essentially, during the event http_all_headers
I wanted to dump into the log the set of headers and values.
I would like to re-use this dataset I have collected, however this time
I would require the headers to be in the exact order as they are parsed.
This information is not in the logs, so I was wondering whether it is
possible, given the script and the logs, to "reverse" the original order
of the headers.
For this purpose, I think I need to know: 1) how data is stored in a
"set [string]", because that's what I use to temporarily store the
values; and 2) how data is stored in "hlist: mime_header_list" which is
a table() in Bro.
Can anyone help me?
I already have a script that captures the headers in order with Bro, but
this would require me to re-capture the data for a long period of time. If
I could reverse the process, it would save me quite some time.
Thanks in advance,
Riccardo
log_headers_http.bro (1.21 KB)