Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-10 02:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Adding extra fields to smtp and http to track transaction depth.

Browse source 
- This will for help linking in analysis scripts and databases later.

- Test baseline updates coming in a few minutes.
This commit is contained in:
Seth Hall 2011-10-25 11:34:48 -04:00
parent 2131468b08
commit 4753f2aeca
3 changed files with 18 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

6
scripts/base/protocols/http/main.bro
View file

@ -18,6 +18,9 @@ export {
ts: time &log;
uid: string &log;
id: conn_id &log;
## This represents the pipelined depth into the connection of this
## request/response transaction.
trans_depth: count &log;
## The verb used in the HTTP request (GET, POST, HEAD, etc.).
method: string &log &optional;
## The value of the HOST header.
@ -123,6 +126,9 @@ function new_http_session(c: connection): Info
tmp$ts=network_time();
tmp$uid=c$uid;
tmp$id=c$id;
# $current_request is set prior to the Info record creation so we
# can use the value directly here.
tmp$trans_depth = c$http_state$current_request;
return tmp;
}