[Bro-Dev] Empty log fields

Bernhard Amann bernhard at ICSI.Berkeley.EDU
Sun Dec 4 10:22:19 PST 2011


Hi,

> I propose something new: in addition to allowing the field separator to
> be customized, we allow similar redefinitions for null and empty values.
> By default, they are the same character, namely the dash, but can be
> easily redef'ed.

That is the current state - they can easily be redefined and are both defined as "-" by default.

The problem with this is, that log files that have been written once cannot be easily re-imported using the input framework, because it cannot tell if a field is empty or unset. And (in my opinion) it would be nice to be able to write log files that result in the exact same data structures when they are re-read into bro.

Bernhard


More information about the bro-dev mailing list