[Bro] [EXTERNAL] Log::add_filter with mime_type or filename predicate

Seth Hall seth at icir.org
Thu Oct 3 22:33:06 PDT 2013


On Oct 3, 2013, at 3:53 PM, "Thomas, Eric D" <edthoma at sandia.gov> wrote:

> ...: not an index type (application/x-dosexec in rec$resp_mime_types)
> 
> Does the 'in' operator work with a string and a vector type?

Arg!  I forgot that was a vector, I was thinking it was a set.  It's little things like this that are pretty annoying to eventually find out (that I didn't consider some situation).

I don't really like this solution but it should work if you put it in your predicate...

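# resp_mime_types is optional, so test that it is set before reading it.
if ( rec?$resp_mime_types )
	{
	# Looping over a vector yields its indices, not its elements.
	for ( i in rec$resp_mime_types )
		{
		if ( "application/x-dosexec" == rec$resp_mime_types[i] )
			return T;
		}
	}
return F;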


  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
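
The loop from the message above, wired into a complete Log::add_filter call, as an added example that is not part of the original thread or the Bro distribution. It generalizes the single comparison to a redef-able set of MIME types, where the 'in' operator does apply; the filter name, log path, watched_mime_types and has_watched_mime_type are assumed names.

```bro
@load base/protocols/http

# Assumed name: MIME types that send an HTTP record to the extra log.
# Extend from local.bro with: redef watched_mime_types += { "..." };
const watched_mime_types: set[string] = {
	"application/x-dosexec",
} &redef;

# Hypothetical helper: T if any response MIME type of rec is in the set.
function has_watched_mime_type(rec: HTTP::Info): bool
	{
	# The field is optional; reading it while unset is a runtime error.
	if ( ! rec?$resp_mime_types )
		return F;

	# 'in' cannot test a string against a vector, so walk the vector
	# by index and test each element against the set instead.
	for ( i in rec$resp_mime_types )
		{
		if ( rec$resp_mime_types[i] in watched_mime_types )
			return T;
		}

	return F;
	}

event bro_init()
	{
	# Records for which the predicate returns T are also written to
	# http_dosexec.log; the default http.log filter is left in place.
	Log::add_filter(HTTP::LOG, [$name="http-dosexec",
	                            $path="http_dosexec",
	                            $pred(rec: HTTP::Info) = {
	                                return has_watched_mime_type(rec);
	                            }]);
	}
```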
