[Bro-Dev] &log attribute
Seth Hall
seth at icir.org
Tue Mar 22 19:42:47 PDT 2011
On Mar 22, 2011, at 8:08 PM, Vern Paxson wrote:
> type attribute &log; # declares "&log" as a new attribute,
> # in this case without an associated value
>
> and then (as I guess you already have in mind) the logging framework
> can first test for whether $uri is present, and, if so, whether it
> has &log set (via the existing ?$$ operator).
One more thought on this.
If we did the script level implementation, it would only immediately create another script dependency with the core. Almost all of the new logging framework code that Robin has written is core code in C++ so we'd never actually be using the ?$ operator for check for the attribute in the script layer. It seems like we'd *have* to think of another use case for it to justify implementing the script level attribute creation unless it's really easy since since implementing yet another attribute is so easy.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list