@neu5ron
Created September 23, 2024 22:12
More HTTP Fields for Zeek http.log
module HTTP;
# Extend HTTP::Info with extra header fields. Every field is &log, so it
# becomes a column in http.log, and &optional, so it stays unset when the
# header is not seen.
redef record Info += {
# Value of the Refresh header.
refresh: string &log &optional;
# Value of the Accept-Language header.
accept_language: string &log &optional;
# Value of the ETag header.
etag: string &log &optional;
# Value of the Content-Length header, kept as the raw string rather than a count.
content_length: string &log &optional;
# Value of the Range header.
range_value: string &log &optional;
# Raw Cookie header. Cookies commonly carry session identifiers, so logging
# this field makes http.log as sensitive as the sessions it records:
# restrict access and retention accordingly.
cookie: string &log &optional;
# Cookie values parsed out of the Cookie header. Same sensitivity as `cookie`.
cookie_values: string &log &optional;
# Cookie names parsed out of the Cookie header (the text before the first "=").
cookie_names: string &log &optional;
};
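# Copy selected client header values into the connection's HTTP::Info record
# so that they are written to http.log.
#
# c:       connection the header was seen on
# is_orig: T when the header was sent by the originator (client)
# name:    header name, compared against upper-case literals below
# value:   header value, stored as received
event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=5
	{
	# Without an HTTP record on the connection there is nothing to annotate;
	# dereferencing c$http here would raise a runtime error.
	if ( ! c?$http )
		return;

	# Only client headers are recorded.
	if ( ! is_orig )
		return;

	# NOTE(review): Refresh and ETag are normally response headers, so under
	# the is_orig check they are only set when a client sends them. Confirm
	# whether response-side capture was intended.
	if ( name == "REFRESH" )
		c$http$refresh = value;
	else if ( name == "ACCEPT-LANGUAGE" )
		# Was written to c$http$origin, which left accept_language always unset.
		c$http$accept_language = value;
	else if ( name == "ETAG" )
		c$http$etag = value;
	else if ( name == "CONTENT-LENGTH" )
		c$http$content_length = value;
	else if ( name == "RANGE" )
		c$http$range_value = value;
	else if ( name == "COOKIE" )
		{
		# The cookie fields are declared on HTTP::Info, so they are reached
		# through c$http (the original used c$fp$http_client, which this
		# script never declares).
		c$http$cookie = value;

		local pairs: vector of string = vector();
		local names: vector of string = vector();
		local parts = split_string(value, /;/);

		for ( idx in parts )
			{
			local pair = strip(parts[idx]);

			# A trailing ";" yields an empty segment; skip it.
			if ( pair == "" )
				next;

			# NOTE(review): as in the original, cookie_values receives the
			# whole trimmed "name=value" pair, not only the value part.
			pairs += pair;
			names += split_string1(pair, /=/)[0];
			}

		# The fields are plain strings and start out unset, so build the
		# lists locally and assign once instead of using += on an unset
		# &optional field. Entries are comma-separated.
		if ( |pairs| > 0 )
			{
			c$http$cookie_values = join_string_vec(pairs, ",");
			c$http$cookie_names = join_string_vec(names, ",");
			}
		}
	}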