base/protocols/http/entities.zeek¶
-
HTTP
¶
Analysis and logging for MIME entities found in HTTP sessions.
Namespace: | HTTP |
---|---|
Imports: | base/frameworks/files, base/protocols/http/main.zeek, base/utils/files.zeek, base/utils/strings.zeek |
Summary¶
Runtime Options¶
HTTP::max_files_orig : count &redef |
Maximum number of originator files to log. |
HTTP::max_files_resp : count &redef |
Maximum number of responder files to log. |
Types¶
HTTP::Entity : record |
Hooks¶
HTTP::max_files_policy : hook |
Called when reaching the max number of files across a given HTTP
connection according to HTTP::max_files_orig
or HTTP::max_files_resp . |
Detailed Interface¶
Runtime Options¶
-
HTTP::max_files_orig
¶ Type: count
Attributes: &redef
Default: 15
Maximum number of originator files to log.
HTTP::max_files_policy
even is called once this limit is reached to determine if it’s enforced.
-
HTTP::max_files_resp
¶ Type: count
Attributes: &redef
Default: 15
Maximum number of responder files to log.
HTTP::max_files_policy
even is called once this limit is reached to determine if it’s enforced.
Types¶
Hooks¶
-
HTTP::max_files_policy
¶ Type: hook
(f:fa_file
, is_orig:bool
) :bool
Called when reaching the max number of files across a given HTTP connection according to
HTTP::max_files_orig
orHTTP::max_files_resp
. Break from the hook early to signal that the file limit should not be applied.