[Bro-Dev] [JIRA] (BIT-1301) Log::add_filter should have a transform func
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Thu Dec 18 07:40:01 PST 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1301?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19302#comment-19302 ]
Seth Hall commented on BIT-1301:
--------------------------------
I chatted with Justin about this on IRC already but I wanted it documented somewhere a bit more durable.
I agree that this would be very handy for some stuff, but we would need to be a bit careful on how we handle it. I think that just modifying the record in place is probably fine but we would have to make sure that we're making a copy of the record before passing it into the filter so that someone doing a transform on the record in one filter doesn't impact the original data in another filter. There is probably some optimization we could do there too to avoid making copies when a record is passed to a filter that doesn't contain a transform so that in the default case this doesn't really have any overhead.
> Log::add_filter should have a transform func
> --------------------------------------------
>
> Key: BIT-1301
> URL: https://bro-tracker.atlassian.net/browse/BIT-1301
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Reporter: Justin Azoff
> Assignee: Justin Azoff
> Labels: logging
>
> One should be able to do something like
> {code}
> Log::add_filter(HTTP::LOG, [
> $transform=function(rec: HTTP:Info): HTTP::Info {
> #modify rec somehow
> }
> ]);
> {code}
> Not sure if it should modify the record in place, or return the modified version.
> This could allow the user to do similar things to include/exclude, but on a more granular level.
--
This message was sent by Atlassian JIRA
(v6.4-OD-12-026#64007)
More information about the bro-dev
mailing list