mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
51836d08ae
This analyzer can be used to transport raw stream data for a given connection to the script layer. For example, adding this analyzer into the HTTP::upgrade_analyzer or using it to configure a child WebSocket analyzer allows to get access to the raw stream data in script land when no more appropriate protocol analyzer is available.
12 lines
299 B
Text
12 lines
299 B
Text
# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT >out
|
|
# @TEST-EXEC: btest-diff out
|
|
|
|
event zeek_init()
|
|
{
|
|
Analyzer::register_for_port(Analyzer::ANALYZER_STREAM_EVENT, 80/tcp);
|
|
}
|
|
|
|
event stream_deliver(c: connection, is_orig: bool, data: string)
|
|
{
|
|
print c$uid, is_orig, |data|, data[:32];
|
|
}
|