SSL::collect¶
Description¶
Starts the collection of plaintext data either indefinitely or for the
specified amount of data. On successful collection, the corresponding
data event is triggered. For clientside collection, the
CLIENTSSL_DATA event is triggered. For
serverside collection, the SERVERSSL_DATA
event is triggered.
Syntax¶
SSL::collect [<length>]
SSL::collect [<length>]¶
- Starts the collection of plaintext data either indefinitely or for the specified amount of data.
- When <length> is specified, the data event will not be triggered until that length has been collected.
Examples¶
when CLIENTSSL_HANDSHAKE {
log local0. "[IP::client_addr]:[TCP::client_port]: SSL handshake completed, collecting SSL payload"
SSL::collect
}
when CLIENTSSL_DATA {
log local0. "[IP::client_addr]:[TCP::client_port]: Collected bytes [SSL::payload length], releasing payload"
log local0. "\[SSL::payload\]: [SSL::payload]"
SSL::release
}
when SERVERSSL_HANDSHAKE {
SSL::collect
}
when SERVERSSL_DATA {
set payload [SSL::payload]
}