From f32b567c8558121d017f45662d767fbde7c50826 Mon Sep 17 00:00:00 2001
From: Seth Hall
Date: Tue, 13 Sep 2011 22:33:26 -0400
Subject: [PATCH] New script for logging header names and values.

- Closes #519.
---
 .../protocols/http/{headers.bro => header-names.bro} | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
 rename scripts/policy/protocols/http/{headers.bro => header-names.bro} (61%)

diff --git a/scripts/policy/protocols/http/headers.bro b/scripts/policy/protocols/http/header-names.bro
similarity index 61%
rename from scripts/policy/protocols/http/headers.bro
rename to scripts/policy/protocols/http/header-names.bro
index dc3eddcbc0..fdecdfa0e8 100644
--- a/scripts/policy/protocols/http/headers.bro
+++ b/scripts/policy/protocols/http/header-names.bro
@@ -1,4 +1,6 @@
-##! Extract and include the header keys used for each request in the log.
+##! Extract and include the header names used for each request in the HTTP
+##! logging stream. The headers in the logging stream will be stored in the
+##! same order which they were seen on the wire.

 @load base/protocols/http/main

@@ -8,15 +10,13 @@ export {
 redef record Info += {
 ## The vector of HTTP headers. No header values are included here, just
 ## the header names.
- ## TODO: with an empty vector as &default, the vector isn't coerced to the
- ## correct type.
 headers: vector of string &log &optional;
 };
 }

-event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=4
+event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3
 {
- if ( ! is_orig )
+ if ( ! is_orig || ! c?$http )
 return;

 if ( ! c$http?$headers )
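Review bot: The second hunk lowers the `http_header` handler from `&priority=4` to `&priority=3` and adds a `! c?$http` early return, but no comment records which handler it now has to run after. If priorities elsewhere are reshuffled, the guard would make this script silently log no header names instead of failing visibly. A line above the event such as `# Priority 3: must run after whichever handler populates c$http; bail out if it is missing.` would record that dependency. Separately, the handler fires for every originator header and `name` is client-supplied, so if the body below the hunk appends unconditionally, a single request with very many headers produces an arbitrarily large `headers` log field; a length check on `|c$http$headers|` before the append would bound it. The handler's body continues past the end of the hunk, so the append itself is not visible here.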