mirror of
https://github.com/zeek/zeek.git
synced 2025-10-17 14:08:20 +00:00
705a84d688
http.log now has files taken from request and response bodies in different fields for each, and can now track multiple files per body. That is, the "extraction_file" field is now "extracted_request_files" and "extracted_response_files".
10 lines
883 B
Text
10 lines
883 B
Text
#separator \x09
|
|
#set_separator ,
|
|
#empty_field (empty)
|
|
#unset_field -
|
|
#path http
|
|
#open 2013-05-21-21-31-32
|
|
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extracted_request_files extracted_response_files
|
|
#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string vector[string] vector[string]
|
|
1369159408.455878 UWkUyAuUGXf 141.142.228.5 57262 54.243.88.146 80 1 POST httpbin.org /post - curl/7.30.0 370 465 200 OK - - - (empty) - - - text/plain - http-item-TJdltRTxco1.dat,http-item-QJO04kPdawk.dat,http-item-dDH5dHdsRH4.dat http-item-TaUJcEIboHh.dat
|
|
#close 2013-05-21-21-31-32
|