[Bro] Log Stream Types
anthony.kasza at gmail.com
Wed Apr 9 10:10:11 PDT 2014
Ah! The typing makes sense now.
You're right about the specific requirements, too. I'm looking for a way to
feed log lines to a process similar to a Python generator. I've tried the
Python broccoli bindings but wasn't satisfied with type conversions. I'll
keep looking and post here if I find anything worthwhile.
Thanks for the insight, Seth!
On Apr 9, 2014 6:34 AM, "Seth Hall" <seth at icir.org> wrote:
> On Apr 2, 2014, at 10:00 PM, anthony kasza <anthony.kasza at gmail.com>
> > I'm hoping someone could explain why
> > %prefix%bro/share/bro/base/frameworks/logging/main.bro (from an
> > installation) defines a Log::Stream type as a record of two any types
> > but bro/src/logging/Manager.cc (line 335 from Github) seems to enforce
> > Log::Stream types to consist of an event type.
> That's a hack. :) It's because internally, the $columns field is a
> TypeType type which allows us to specify a type as a value (I know, kind of
> weird). $ev is declared as any at script land because the type of an event
> includes the full parameter list but most events being provided to that
> field are of different types because they carry different record types in
> their parameter lists.
> Those hacks have bugged us (me at least!) for quite a while and if there
> is anything that is constant in our community, it's that change is constant
> and we'll probably be back around to work on this issue again before long.
> > I'm curious to see if
> > it is possible to take immediate action upon a log line being ready
> > with a function or hook instead of having to wait for an event to be
> > handled.
> Typically when writing scripts that have specific requirements like it
> sounds like yours has, I don't recommend that people hang off of the
> logging events. You are always going to run into problems like you are
> here. Find the event that you really want to hang your functionality off
> of and do that.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
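An added example, not part of the original thread or of Bro's own code: a Python generator that reads Bro's ASCII log format and converts each column according to the log's `#types` header line, one way to hand typed log records to a process without the Broccoli bindings. The names `bro_records`, `convert` and `CONVERTERS` are hypothetical, and the sample log lines are constructed.

```python
import ipaddress
from datetime import datetime, timezone

# Converters keyed by the type names in the log's "#types" header line.
CONVERTERS = {
    "time": lambda v: datetime.fromtimestamp(float(v), tz=timezone.utc),
    "interval": float, "double": float, "count": int, "int": int, "port": int,
    "bool": lambda v: v == "T", "addr": ipaddress.ip_address,
}

def convert(value, typ, meta):
    if value == meta["unset_field"]:
        return None                      # field was not set at all
    if typ.startswith(("set[", "vector[")):
        if value == meta["empty_field"]:
            return []                    # container present but empty
        inner = typ[typ.index("[") + 1:-1]
        return [convert(v, inner, meta) for v in value.split(meta["set_separator"])]
    if value == meta["empty_field"]:
        return ""
    return CONVERTERS.get(typ, str)(value)   # unknown types stay strings

def bro_records(lines):
    """Yield one dict per log line, typed according to the #types header."""
    meta = {"set_separator": ",", "empty_field": "(empty)", "unset_field": "-"}
    sep, cols = "\t", {"fields": [], "types": []}
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#separator"):  # written as "#separator \x09"
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *rest = line[1:].split(sep)
            if key in cols:
                cols[key] = rest
            elif key in meta and rest:
                meta[key] = rest[0]
        elif line:
            yield {f: convert(v, t, meta)
                   for f, v, t in zip(cols["fields"], line.split(sep), cols["types"])}

# Constructed sample input (not taken from a real capture).
SAMPLE_LOG = (
    "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tlocal_orig\ttunnel_parents\n"
    "#types\ttime\tstring\taddr\tport\tbool\tset[string]\n"
    "1397063411.5\tCexample1\t192.0.2.10\t49152\tT\t(empty)\n"
    "1397063412.0\tCexample2\t2001:db8::1\t443\t-\tCexample1,Cexample0\n"
)
```

Because `bro_records` accepts any iterable of lines, it can be fed an open file object or a tailing iterator as well as the sample above.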