- ts: time &log
Timestamp for when the request happened.
- uid: string &log
Unique ID for the connection.
- id: conn_id &log
The connection’s 4-tuple of endpoint addresses/ports.
- trans_depth: count &log
Represents the pipelined depth into the connection of this
request/response transaction.
- method: string &log &optional
Verb used in the HTTP request (GET, POST, HEAD, etc.).
- host: string &log &optional
Value of the HOST header.
- uri: string &log &optional
URI used in the request.
- referrer: string &log &optional
Value of the “referer” header. The comment is deliberately
misspelled like the standard declares, but the name used here
is “referrer” spelled correctly.
- user_agent: string &log &optional
Value of the User-Agent header from the client.
- request_body_len: count &log &default = 0 &optional
Actual uncompressed content size of the data transferred from
the client.
- response_body_len: count &log &default = 0 &optional
Actual uncompressed content size of the data transferred from
the server.
- status_code: count &log &optional
Status code returned by the server.
- status_msg: string &log &optional
Status message returned by the server.
- info_code: count &log &optional
Last seen 1xx informational reply code returned by the server.
- info_msg: string &log &optional
Last seen 1xx informational reply message returned by the server.
- filename: string &log &optional
Filename given in the Content-Disposition header sent by the
server.
- tags: set [HTTP::Tags] &log
A set of indicators of various attributes discovered and
related to a particular request/response pair.
- username: string &log &optional
Username if basic-auth is performed for the request.
- password: string &log &optional
Password if basic-auth is performed for the request.
- capture_password: bool &default = HTTP::default_capture_password &optional
Determines if the password will be captured for this request.
- proxied: set [string] &log &optional
All of the headers that may indicate if the request was proxied.
- range_request: bool &default = F &optional
Indicates if this request can assume 206 partial content in
response.
- orig_fuids: vector &log &optional
(present if base/protocols/http/entities.bro is loaded)
An ordered vector of file unique IDs.
- orig_mime_types: vector &log &optional
(present if base/protocols/http/entities.bro is loaded)
An ordered vector of mime types.
- resp_fuids: vector &log &optional
(present if base/protocols/http/entities.bro is loaded)
An ordered vector of file unique IDs.
- resp_mime_types: vector &log &optional
(present if base/protocols/http/entities.bro is loaded)
An ordered vector of mime types.
- current_entity: HTTP::Entity &optional
(present if base/protocols/http/entities.bro is loaded)
The current entity.
- orig_mime_depth: count &default = 0 &optional
(present if base/protocols/http/entities.bro is loaded)
Current number of MIME entities in the HTTP request message
body.
- resp_mime_depth: count &default = 0 &optional
(present if base/protocols/http/entities.bro is loaded)
Current number of MIME entities in the HTTP response message
body.
- client_header_names: vector &log &optional
(present if policy/protocols/http/header-names.bro is loaded)
The vector of HTTP header names sent by the client. No
header values are included here, just the header names.
- server_header_names: vector &log &optional
(present if policy/protocols/http/header-names.bro is loaded)
The vector of HTTP header names sent by the server. No
header values are included here, just the header names.
- omniture: bool &default = F &optional
(present if policy/protocols/http/software-browser-plugins.bro is loaded)
Indicates if the server is an omniture advertising server.
- cookie_vars: vector &optional &log
(present if policy/protocols/http/var-extraction-cookies.bro is loaded)
Variable names extracted from all cookies.
- uri_vars: vector &optional &log
(present if policy/protocols/http/var-extraction-uri.bro is loaded)
Variable names from the URI.