From 6e84c15ee425c7bcd506946fcd37cad096199435 Mon Sep 17 00:00:00 2001
From: Robin Krahl <me@robin-krahl.de>
Date: Tue, 26 Sep 2017 10:13:48 +0200
Subject: bro-script: pasad-simple: Add origin and response IP addresses to log

---
 bro-script/pasad-simple.bro | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'bro-script/pasad-simple.bro')

diff --git a/bro-script/pasad-simple.bro b/bro-script/pasad-simple.bro
index 759d607..db3b4be 100644
--- a/bro-script/pasad-simple.bro
+++ b/bro-script/pasad-simple.bro
@@ -16,6 +16,8 @@ export {
 		rtype: 		string	&log;
 		tid_request:	count	&log;
 		tid_response:	count	&log &optional;
+		ip_orig:	addr	&log;
+		ip_resp:	addr	&log;
 		start_address:	count	&log;
 		quantity:	count	&log;
 		registers:	ModbusRegisters &log &optional;
@@ -33,7 +35,15 @@ event bro_init() &priority=5
 
 event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
 	{
-	local rec: Info = [$ts_request=network_time(), $rtype="holding", $tid_request=headers$tid, $start_address=start_address, $quantity=quantity];
+	local rec: Info = [
+		$ts_request=network_time(),
+		$rtype="holding",
+		$tid_request=headers$tid,
+		$start_address=start_address,
+		$quantity=quantity,
+		$ip_orig=c$id$orig_h,
+		$ip_resp=c$id$resp_h
+	];
 	c$pasad = rec;
 	}
 
-- 
cgit v1.2.1