[Bro-Dev] #718: Log protocol type for notices

Robin Sommer robin at icir.org
Thu Jan 5 09:00:50 PST 2012

On Wed, Jan 04, 2012 at 13:11 -0600, you wrote:

> It would be very helpful if all of the logs started with the
> connection tuple to make parsing easier.

We're trying to avoid relying on the order of fields. The recommended
way is to parse the header and then index columns by their names.
While using columns directly would be easier of course, it makes it
hard to change a log's content in the future.


Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org
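
The header-driven parsing recommended above, as an added example that is not part of the original message and is not Bro's own code. It assumes Bro's ASCII log format with `#separator`, `#unset_field` and `#fields` header lines; the function names and both sample logs are constructed.

```python
import io

# Constructed sample logs: the same notice before and after the log gained
# extra columns (uid, ports, proto). Addresses are documentation ranges.
OLD_LOG = (
    "#separator \\x09\n"
    "#path\tnotice\n"
    "#unset_field\t-\n"
    "#fields\tts\tid.orig_h\tid.resp_h\tnote\n"
    "1325696000.000000\t192.0.2.10\t198.51.100.7\tExample::Notice\n"
)
NEW_LOG = (
    "#separator \\x09\n"
    "#path\tnotice\n"
    "#unset_field\t-\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tnote\n"
    "1325696000.000000\tCabc123\t192.0.2.10\t51000\t198.51.100.7\t22\ttcp\tExample::Notice\n"
    "1325696001.000000\t-\t-\t-\t-\t-\t-\tExample::Notice\n"
)

def read_bro_log(stream):
    """Yield one dict per record, keyed by the names in the #fields header."""
    sep, unset, fields = "\t", "-", None
    for raw in stream:
        line = raw.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#separator"):
            # This header line is space-delimited and escapes the separator (\x09).
            sep = line.split(" ", 1)[1].encode("ascii").decode("unicode_escape")
        elif line.startswith("#"):
            key, _, rest = line[1:].partition(sep)
            if key == "fields":
                fields = rest.split(sep)
            elif key == "unset_field":
                unset = rest
        else:
            if fields is None:
                raise ValueError("data row before #fields header")
            values = line.split(sep)
            if len(values) != len(fields):
                raise ValueError("row has %d columns, header names %d" % (len(values), len(fields)))
            yield {n: (None if v == unset else v) for n, v in zip(fields, values)}

def endpoints(text):
    """Pull the same three columns by name, whatever position they occupy."""
    return [(r["id.orig_h"], r["id.resp_h"], r["note"]) for r in read_bro_log(io.StringIO(text))]
```

`endpoints()` returns the same tuple for the first record of both logs even though the columns moved, and a row whose width disagrees with the header raises instead of silently shifting values into the wrong field.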
