entities.zeek¶

HTTP¶

Analysis and logging for MIME entities found in HTTP sessions.

Namespace:	HTTP
Imports:	base/frameworks/files, base/protocols/http/main.zeek, base/utils/files.zeek, base/utils/strings.zeek

Summary¶

Runtime Options¶

`HTTP::max_files_orig`: `count` `&redef`	Maximum number of originator files to log.
`HTTP::max_files_resp`: `count` `&redef`	Maximum number of responder files to log.

Types¶

HTTP::Entity: record

Redefinitions¶

`HTTP::Info`: `record`
`fa_file`: `record` `&redef`

Hooks¶

HTTP::max_files_policy: hook Called when reaching the max number of files across a given HTTP connection according to HTTP::max_files_orig or HTTP::max_files_resp.

Detailed Interface¶

Runtime Options¶

HTTP::max_files_orig¶

Type:	`count`
Attributes:	`&redef`
Default:	`15`

Maximum number of originator files to log. HTTP::max_files_policy even is called once this limit is reached to determine if it’s enforced.

HTTP::max_files_resp¶

Type:	`count`
Attributes:	`&redef`
Default:	`15`

Maximum number of responder files to log. HTTP::max_files_policy even is called once this limit is reached to determine if it’s enforced.

Types¶

HTTP::Entity¶

Type:

record

filename: string &optional: Filename for the entity if discovered from a header.

Hooks¶

HTTP::max_files_policy¶

Type:	`hook` (f: `fa_file`, is_orig: `bool`) : `bool`

Called when reaching the max number of files across a given HTTP connection according to HTTP::max_files_orig or HTTP::max_files_resp. Break from the hook early to signal that the file limit should not be applied.