Re: Publishing http attributes

["Seshaiah Erugu (serugu)" <serugu () cisco com>]

Hi Akhil,

You can add this data ( Host name, version and Method ) to HttpSessionData and populate while logging the packet.
Refer xff code for populating extra data.


Thanks,
Seshaiah Erugu.

From: Akhil Koul [mailto:akhil.koul8 () gmail com]
Sent: Tuesday, June 28, 2016 2:56 PM
To: snort-devel () lists sourceforge net
Subject: [Snort-devel] Publishing http attributes

Hello

For a project I am working on, I would like to publish http host, version and method so that it is available to 
subscribers. Currently, only http_raw_uri is published which is subscribed and logged by data_log inspector.

I would like the data_log inspector to be able to subscribe to above attributes(or maybe a new inspector which can 
subscribe to and handle several http attributes).
How do I do this? Any help will be appreciated.

Thanks
Akhil

------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!