[Bro-Dev] [Bro-Commits] [git/bro] topic/bernhard/input: first test. (029871e)

Seth Hall seth at icir.org
Mon Nov 21 10:57:20 PST 2011


On Nov 20, 2011, at 4:42 PM, Bernhard Amann wrote:

> +type idx: record {
> 
> +type val: record {


I know this is super early code, but could you make this follow the same style as the rest of the scripts? (camel-casing for types)
	http://www.bro-ids.org/development/script-conventions.html

> +	Input::add_filter(A::LOG, [$name="ssh", $idx=idx, $val=val, $destination=servers]);
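
Review bot: In the `Input::add_filter` call, `$idx=idx, $val=val` passes record types whose names are identical to the field names they are assigned to, so the type and field roles are easy to confuse when reading the call; giving the two record types distinct, camel-cased names would make the arguments unambiguous. The stream ID `A::LOG` also reads like a logging stream even though it is passed to `Input::add_filter`; a name that reflects an input source would be clearer.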


I also have a question about the add_filter line.  I see that the "i" field is used for the index and everything else is used for the val.  Could those fields be mixed?  The "i" field used in the val and fields from the val used in the index?  I guess I'm really just asking if I could use a field in both the index and the value.

Thanks!
  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



