This script can be used to extract the originator's data, the responder's data, or both. By default nothing is extracted; to actually extract data, the c$extract_orig and/or c$extract_resp variable must be set to T. One way to achieve this is to handle the connection_established event elsewhere and set the extract_orig and extract_resp options there. However, there may be trouble with the timing due to event queue delay.
Note
This script does not work well in a cluster context unless it has a remotely mounted disk to write the content files to.
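One way to enable extraction selectively from a site script, as described above. This is an added example, not code from the distributed script. The module name, the two port sets, the prefix value and the choice of &priority=5 are assumptions: the priority only helps if the extraction script's own connection_established handler runs at a lower priority, so the flags are already set when it inspects them.

```bro
# Added example: selective content extraction for a few cleartext services.
@load base/protocols/conn/contents

module ExtractDemo;	# hypothetical module name

export {
	## Responder ports for which the originator's (client) bytes are kept.
	## Constructed sample values; adjust to the services under review.
	const orig_ports: set[port] = { 21/tcp, 25/tcp } &redef;

	## Responder ports for which the responder's (server) bytes are kept.
	const resp_ports: set[port] = { 25/tcp } &redef;
}

# Prefix of the content files as they are opened on disk (sample value).
# On a cluster this path must be on storage every worker can write to.
redef Conn::extraction_prefix = "cleartext-contents";

# Leave Conn::default_extract at F so that only the connections
# selected below are written out.

# Assumption: priority 5 places this handler ahead of the extraction
# script's handler for the same event, so no second event (and no
# event queue delay) sits between setting the flags and their use.
event connection_established(c: connection) &priority=5
	{
	local p = c$id$resp_p;

	if ( p in orig_ports )
		c$extract_orig = T;

	if ( p in resp_ports )
		c$extract_resp = T;
	}
```

Setting the flags from a later event, for example one raised by a protocol analyzer, can miss the start of the stream, which is the timing problem the text mentions.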
| Namespace: | Conn |
|---|---|
| Imports: | base/utils/files.bro |
| Source File: | /scripts/base/protocols/conn/contents.bro |
| Conn::default_extract: bool &redef | If this variable is set to T, then all contents of all connections will be extracted. |
| Conn::extraction_prefix: string &redef | The prefix given to files containing extracted connections as they are opened on disk. |
| connection: record | |