[Bro] Question about known_services.log

Vito Logrillo vitologrillo at gmail.com
Mon Jan 12 02:18:29 PST 2015

I have a question about known_services.log: why is the service field
treated as set[string] and not as string?

Another question: why, when using code like that below, do I sometimes
obtain an empty rec$service?

event Known::log_known_services(rec: Known::ServicesInfo) &priority=5
    {
    # Copy the fields of the logged service record.
    known_services_buffer_vec = ([$ts = rec$ts, $service_addr = rec$host,
        $service_port = rec$port_num, $service = rec$service]);
    }

