[Bro-Dev] [JIRA] (BIT-772) Problem with $path_func in Log filters
Seth Hall (JIRA)
jira at bro-tracker.atlassian.net
Mon Mar 16 10:49:00 PDT 2015
[ https://bro-tracker.atlassian.net/browse/BIT-772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19958#comment-19958 ]
Seth Hall commented on BIT-772:
-------------------------------
I think there was something rather subtle that I wanted to fix here, but I don't remember what it was anymore so closing this is fine.
> Problem with $path_func in Log filters
> --------------------------------------
>
> Key: BIT-772
> URL: https://bro-tracker.atlassian.net/browse/BIT-772
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master
> Reporter: Seth Hall
> Assignee: Seth Hall
> Priority: High
>
> I finally wrote a generic path_func and it doesn't work. The 'path' variable that is passed into the $path_func field when it's called is not filled out. This should be an easy fix.
> {noformat}
> module Log;
>
> export {
> 	## A generic log path function that can be used in any filter if the record associated
> 	## with the stream has a field named 'id' of type :bro:type:`conn_id` to split the log
> 	## records into different file names based on if the connection was originated locally
> 	## or not.
> 	global directional_path_func: function(id: Log::ID, path: string, rec: record {id: conn_id;}): string;
> }
>
> function directional_path_func(id: Log::ID, path: string, rec: record { id: conn_id; }): string
> 	{
> 	local direction: string;
> 	local orig_local = Site::is_local_addr(rec$id$orig_h);
> 	local resp_local = Site::is_local_addr(rec$id$resp_h);
>
> 	if ( orig_local )
> 		direction = resp_local ? "localonly" : "outbound";
> 	else
> 		direction = resp_local ? "inbound" : "remoteonly";
>
> 	return fmt("%s_%s", path, direction);
> 	}
>
> event bro_init()
> 	{
> 	Log::remove_default_filter(DNS::LOG);
> 	Log::add_filter(DNS::LOG, [$name = "directional_split", $path_func = directional_path_func]);
>
> 	Log::remove_default_filter(HTTP::LOG);
> 	Log::add_filter(HTTP::LOG, [$name = "directional_split", $path_func = directional_path_func]);
> 	}
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)