[Bro-Dev] #772: Problem with $path in Log filters

Bro Tracker bro at tracker.bro-ids.org
Thu Feb 16 07:11:31 PST 2012


#772: Problem with $path in Log filters
---------------------+------------------------
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  High     |  Milestone:  Bro2.1
Component:  Bro      |    Version:  git/master
 Keywords:           |
---------------------+------------------------
 I finally wrote a generic path_func and it doesn't work.  The 'path'
 variable that is passed into the $path_func field when it's called is not
 filled out.  This should be an easy fix.

 {{{
 module Log;

 export {
         ## A generic log path function that can be used in any filter if the record associated
         ## with the stream has a field named 'id' of type :bro:type:`conn_id` to split the log
         ## records into different file names based on if the connection was originated locally
         ## or not.
         global directional_path_func: function(id: Log::ID, path: string, rec: record { id: conn_id; }): string;
 }

 function directional_path_func(id: Log::ID, path: string, rec: record { id: conn_id; }): string
         {
         local direction: string;
         local orig_local = Site::is_local_addr(rec$id$orig_h);
         local resp_local = Site::is_local_addr(rec$id$resp_h);

         # Classify the connection by which endpoints are in Site::local_nets.
         if ( orig_local )
                 direction = resp_local ? "localonly" : "outbound";
         else
                 direction = resp_local ? "inbound" : "remoteonly";

         # Append the direction to the stream's default path, e.g. "dns_inbound".
         return fmt("%s_%s", path, direction);
         }

 event bro_init()
         {
         # Replace the default filters so each stream is split by direction.
         Log::remove_default_filter(DNS::LOG);
         Log::add_filter(DNS::LOG, [$name = "directional_split", $path_func = directional_path_func]);

         Log::remove_default_filter(HTTP::LOG);
         Log::add_filter(HTTP::LOG, [$name = "directional_split", $path_func = directional_path_func]);
         }
 }}}

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/772>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker