[Bro-Dev] [JIRA] (BIT-1324) default_path_func does weird things to underscores
Jon Siwek (JIRA)
jira at bro-tracker.atlassian.net
Fri Mar 13 09:38:01 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1324?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19938#comment-19938 ]
Jon Siwek commented on BIT-1324:
--------------------------------
I also find it to be odd behavior; generally it may be hard for a user to understand how exactly the file name gets derived from their choice of module and {{Log::ID}} enum naming. We should make the common case simpler. E.g. provide a new function
{code}
global Log::create_stream_with_default_path: function(id: Log::ID, stream: Log::Stream, path: string) : bool;
{code}
Then just replace all current calls to {{Log::create_stream}} with that, which explicitly specifies the default path for each stream. It should also not set the {{path_func}} to {{default_path_func}} at all for the sake of saving cycles -- each write operation for a filter currently calls out to {{default_path_func}}, but only the first one does something useful if {{path}} isn't set (but it would be now).
Wouldn't be hard to do for 2.4 if people like that idea. Thoughts?
> default_path_func does weird things to underscores
> --------------------------------------------------
>
> Key: BIT-1324
> URL: https://bro-tracker.atlassian.net/browse/BIT-1324
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Reporter: Justin Azoff
> Priority: Low
> Labels: logging
> Fix For: 2.4
>
>
> The following script creates a
> {noformat}
> foo__b_ar.log
> {noformat}
>
> instead of the expected {noformat}foo_bar{noformat}
> {code}
> module FOO_BAR;
> export {
> redef enum Log::ID += { LOG };
> type Info: record {
> ts: time &log;
> msg: string &log;
> };
> }
> event bro_init() {
> Log::create_stream(LOG, [$columns=Info]);
> local l = [$ts = network_time(), $msg="hello"];
> Log::write(LOG, l);
> print "Logged";
> }
> {code}
> The problem is in script land in default_path_func
> {code}
> local module_parts = split_string_n("FOO_BAR", /[^A-Z][A-Z][a-z]*/, T, 4);
> print module_parts;
> {code}
> outputs
> {code}
> [FOO, _B, AR]
> {code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
More information about the bro-dev
mailing list