[Bro-Dev] inline record type definition
Robin Sommer
robin at icir.org
Thu Aug 18 15:08:29 PDT 2011
On Tue, Aug 16, 2011 at 10:29 -0400, you wrote:
> to a conclusion on how to deal with it. When I use the following
> function as a $path_func for the logging framework it fails because
> when the rec value is passed in, the first ordinal value is almost
> always a time field and it tries to turn the time field into a conn_id
> field which obviously fails.
I can't reproduce this. Below is a script which I believe does what
you're describing (in three different ways!), but it runs just fine.
Anything I'm missing?
Robin
--------- cut -------------------------------------------------------
type Info: record {
ts: time &log;
id: conn_id &log;
};
function path_with_direction(id: Log::ID, path: string, rec: record {id: conn_id;}): string
{
print id, path, rec;
return path;
}
redef Log::default_path_func = path_with_direction;
redef enum Log::ID += { MyLog };
event connection_established(c: connection)
{
local i: Info = [$ts=network_time(), $id=c$id];
path_with_direction(HTTP::HTTP, "manual", i);
Log::write(MyLog, [$ts=network_time(), $id=c$id]);
}
event bro_init()
{
Log::create_stream(MyLog, [$columns=Info]);
Log::remove_default_filter(MyLog);
Log::add_filter(MyLog, [$name="default", $path_func=path_with_direction]);
}
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list