[Bro-Dev] [JIRA] (BIT-772) Problem with $path_func in Log filters

Jon Siwek (JIRA) jira at bro-tracker.atlassian.net
Mon Mar 16 10:28:01 PDT 2015


     [ https://bro-tracker.atlassian.net/browse/BIT-772?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jon Siwek updated BIT-772:
--------------------------
    Fix Version/s:     (was: 2.4)

> Problem with $path_func in Log filters
> --------------------------------------
>
>                 Key: BIT-772
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-772
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Seth Hall
>            Assignee: Seth Hall
>            Priority: High
>
> I finally wrote a generic path_func and it doesn't work.  The 'path' variable that is passed into the $path_func field when it's called is not filled out.  This should be an easy fix.
> {noformat}
> module Log;
> export {
> 	## A generic log path function that can be used in any filter if the record associated
> 	## with the stream has a field named 'id' of type :bro:type:`conn_id` to split the log
> 	## records into different file names based on if the connection was originated locally
> 	## or not.
> 	global directional_path_func:  function(id: Log::ID, path: string, rec: record {id: conn_id;}): string;
> }
> function directional_path_func(id: Log::ID, path: string, rec: record { id: conn_id; }): string
> 	{
> 	local direction: string;
> 	local orig_local = Site::is_local_addr(rec$id$orig_h);
> 	local resp_local = Site::is_local_addr(rec$id$resp_h);
> 	
> 	if ( orig_local )
> 		direction = resp_local ? "localonly" : "outbound";
> 	else
> 		direction = resp_local ? "inbound" : "remoteonly";
> 	
> 	return fmt("%s_%s", path, direction);
> 	}
> event bro_init()
> 	{
> 	Log::remove_default_filter(DNS::LOG);
> 	Log::add_filter(DNS::LOG, [$name = "directional_split", $path_func = directional_path_func]);
> 	
> 	Log::remove_default_filter(HTTP::LOG);
> 	Log::add_filter(HTTP::LOG, [$name = "directional_split", $path_func = directional_path_func]);
> 	
> 	}
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)

