[Bro] [EXTERNAL] Log::add_filter with mime_type or filename predicate

Seth Hall seth at icir.org
Thu Oct 3 22:33:06 PDT 2013

On Oct 3, 2013, at 3:53 PM, "Thomas, Eric D" <edthoma at sandia.gov> wrote:

> ...: not an index type (application/x-dosexec in rec$resp_mime_types)
> Does the 'in' operator work with a string and a vector type?

Arg!  I forgot that was a vector, I was thinking it was a set.  It's little things like this that are pretty annoying to eventually find out (that I didn't consider some situation).

I don't really like this solution but it should work if you put it in your predicate...

# resp_mime_types is a vector, so compare each element instead of using "in".
if ( rec?$resp_mime_types )
	for ( i in rec$resp_mime_types )
		if ( "application/x-dosexec" == rec$resp_mime_types[i] )
			return T;
return F;


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
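
The predicate above placed in a complete filter, as an added example that is not part of the original message. It assumes the record is HTTP::Info from the HTTP::LOG stream; the helper vector_has, the filter name and the log path are hypothetical.

```bro
# Added example, not from the thread. Assumptions: the stream is HTTP::LOG,
# rec is HTTP::Info, and the filter name and path are constructed.

# Hypothetical helper: linear search over a vector of strings, since the
# "in" operator rejects a string tested against a vector (the error quoted
# in the message above).
function vector_has(v: vector of string, s: string): bool
	{
	for ( i in v )
		if ( v[i] == s )
			return T;
	return F;
	}

event bro_init()
	{
	Log::add_filter(HTTP::LOG, [
		$name = "http-dosexec",
		$path = "http_dosexec",
		$pred = function(rec: HTTP::Info): bool
			{
			# Guard with ?$ first, as the snippet above does, so a
			# record without the field is skipped rather than
			# raising a runtime error.
			return rec?$resp_mime_types &&
			       vector_has(rec$resp_mime_types, "application/x-dosexec");
			}
	]);
	}
```

The filter adds a second log file alongside the default one; records for which the predicate returns F are simply not written to it.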
