base/protocols/http/entities.zeek

HTTP

Analysis and logging for MIME entities found in HTTP sessions.

Namespace: HTTP
Imports: base/frameworks/files, base/protocols/http/main.zeek, base/utils/files.zeek, base/utils/strings.zeek

Summary

Runtime Options

HTTP::max_files_orig: count &redef Maximum number of originator files to log.
HTTP::max_files_resp: count &redef Maximum number of responder files to log.

Redefinitions

HTTP::Info: record  
fa_file: record &redef  

Hooks

HTTP::max_files_policy: hook Called when reaching the max number of files across a given HTTP connection according to HTTP::max_files_orig or HTTP::max_files_resp.

Detailed Interface

Runtime Options

HTTP::max_files_orig
Type: count
Attributes: &redef
Default: 15

Maximum number of originator files to log. The HTTP::max_files_policy hook is called once this limit is reached to determine whether it is enforced.

HTTP::max_files_resp
Type: count
Attributes: &redef
Default: 15

Maximum number of responder files to log. The HTTP::max_files_policy hook is called once this limit is reached to determine whether it is enforced.

Types

HTTP::Entity
Type: record

filename: string &optional

Filename for the entity if discovered from a header.

Hooks

HTTP::max_files_policy
Type: hook (f: fa_file, is_orig: bool) : bool

Called when reaching the max number of files across a given HTTP connection according to HTTP::max_files_orig or HTTP::max_files_resp. Break from the hook early to signal that the file limit should not be applied.
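
The following site-policy script is an added example, not code from the Zeek distribution. It raises the responder-side limit and uses HTTP::max_files_policy to keep logging files past the limit for selected servers. The module name HTTPFileCap, the uncapped_servers set and the 192.0.2.0/24 range are assumptions made for illustration.

```zeek
# Added example (not part of base/protocols/http/entities.zeek).
@load base/protocols/http

module HTTPFileCap;

export {
	## Hypothetical setting: servers whose HTTP files are logged
	## regardless of the per-connection limits. 192.0.2.0/24 is a
	## documentation range used as a placeholder.
	const uncapped_servers: set[subnet] = { 192.0.2.0/24 } &redef;
}

# Raise the responder-side limit from its default of 15.
redef HTTP::max_files_resp = 50;

# Runs when a connection reaches HTTP::max_files_orig or
# HTTP::max_files_resp. Breaking out of the hook tells the HTTP
# scripts not to apply the limit to this file.
hook HTTP::max_files_policy(f: fa_file, is_orig: bool)
	{
	local exempt = F;

	# A file can be associated with several connections; exempt it
	# if any of them is served by an uncapped server.
	if ( f?$conns )
		{
		for ( cid in f$conns )
			{
			if ( cid$resp_h in uncapped_servers )
				exempt = T;
			}
		}

	# A "break" inside the for loop would only leave the loop, so the
	# hook is exited here, outside of it.
	if ( exempt )
		break;
	}
```

Connections to servers outside uncapped_servers fall through the handler without a break, so the configured limits still apply to them.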