mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
92b6656bad
The "orig_fuids", "orig_filenames", "orig_mime_types" http.log fields as well as their "resp" counterparts are now limited to having "HTTP::max_files_orig" or "HTTP::max_files_resp" entries, which are 15 by default. The limit can also be ignored case-by-case via the "HTTP::max_files_policy" hook. Fixes GH-289
10 lines
890 B
Text
10 lines
890 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path http
|
|
#open 2019-02-27-20-19-27
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
|
|
#types time string addr port addr port count string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
|
|
1369159408.455878 CHhAvVGS1DHFjwGM9 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - 1.1 curl/7.30.0 370 465 200 OK - - (empty) - - - F2yGNX2vGXLxfZeD12 - - FjeopJ2lRk9U1CNNb5 - text/json
|
|
#close 2019-02-27-20-19-27
|