>> Here's my suggestion: we'd introduce an enum that specifies the
>> direction, e.g., ORIG, RESP, BOTH. Users can then decide what they'd
>> like to have recorded.
>
> This is all being done through the file analysis framework now and is being
> abstracted there now. The script you are having trouble with is being
> removed.

The script isn't being removed, just changed to use the generic file analysis events instead of http_entity_data. And the generic file events don't currently specify any direction information, so HTTP extraction will do both request and response bodies, but they can't be controlled independently. Do I need to add an 'is_orig' flag to at least the 'file_new' event?

- Jon

_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
