Bro HTTP Log自定义格式

2018-10-31 本文已影响0人 phaker

添加自定字段，如human_readable time字段：

FILE $bro/share/bro/base/protocols/http/human_time_http.bro


@load base/protocols/http

module HTTP;

export {

redef record Info += {

  ## A human-readable timestamp

  human_time: string &log &optional;

  };

}

event http_request(c: connection, method: string, original_URI: string,

                    unescaped_URI: string, version: string)

{

  local format: string = "%Y-%m-%dT%H:%M:%S%z";

  c$http$human_time = strftime(format, c$http$ts);

}

之后修改load文件$bro/share/bro/base/protocols/http/load.bro,添加一行


@load ./human_time_http

最后在$bro/share/bro/base/protocols/http/main.bro中添加新建的字段


type Info: record {       

 ## Timestamp for when the request happened.

        human_time: string &log;

        ...

        ...

另：bro script中字段含义https://www.bro.org/sphinx/script-reference/attributes.html#attr-&log

上一篇下一篇

猜你喜欢

热点阅读