[Bro] SQL usage in Bro

Seth Hall hall.692 at osu.edu
Tue Feb 16 20:12:25 PST 2010

On Feb 14, 2010, at 1:25 PM, Vern Paxson wrote:

>> global bad_urls: set[string] &add_func=function(val: string) { event
>> db_log("bad_urls", [$url=val]); };
> Yeah, that was just the approach I was thinking of too while catching
> up on this thread.  (Well, maybe tweaked slightly so that the  
> &add_func
> function returns the value to *actually* put in the set, if any.)

Ah, I'm glad you mentioned this.  I would really like to see &add_func  
work more similarly to &expire_func.  The function given to &add_func  
would return a bool to allow or prevent an item from being added to  
the table/set.  It would make it so that a script developer wouldn't  
have to anticipate all of the situations where someone using their  
script would want to exclude data from a table or set.  The table or  
set would just have to be declared with &redef so that a user could  
add their own &add_func.

Is there a better example for returning the value to be put into the  
set?  I can't think of any situations when I'd use that.


Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

More information about the Bro mailing list