# by FH #@load netflow @load listen-clear #redef rm_log = open_log_file("remotenf"); global nfpoc_log = open_log_file ("pocnf") &redef; # --- @load time-machine # --- event netflow_v5_record(r: nf_v5_record) { if (r$id$resp_p == 80/tcp) { event netflow_poc_http(r); } } event netflow_poc_http(r: nf_v5_record) { print nfpoc_log, r; TimeMachine::request_addr(r$id$resp_h,network_time(),F,"pochttp2"); }