[Bro-Dev] &log attribute

Seth Hall seth at icir.org
Sun Mar 27 20:06:02 PDT 2011


On Mar 27, 2011, at 10:56 PM, Adam J. Slagell wrote:

> I'd rather have a separate syntax to log all fields than to just assume that not using the attribute anywhere has this opposite behavior.


Just for the record, I don't think this would be appropriate either due to the recent record extension mechanism.  It would essentially prohibit someone from including non-logged state information in a script extending one of the logging records with the separate syntax indicating "log all".

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/



