>> Here's my suggestion: we'd introduce an enum that specifies the
>> direction, e.g., ORIG, RESP, BOTH. Users can then decide what they'd
>> like to have recorded.
> 
> 
> This is all being done through the file analysis framework now and is being 
> abstracted there now.  The script you are having trouble with is being 
> removed.

The script isn't being removed, just changed to use the generic file analysis 
events instead of http_entity_data.

And the generic file events don't currently specify any direction information, 
so HTTP extraction will do both request and response bodies, but they can't be 
controlled independently.  Do I need to add an 'is_orig' flag to at least the 
'file_new' event?

- Jon
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Reply via email to