[Bro-Dev] [JIRA] (BIT-1504) The facility to serialize tables to a log
Johanna Amann (JIRA)
jira at bro-tracker.atlassian.net
Thu Nov 5 15:27:00 PST 2015
[ https://bro-tracker.atlassian.net/browse/BIT-1504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Johanna Amann updated BIT-1504:
-------------------------------
Priority: Low (was: High)
> The facility to serialize tables to a log
> -----------------------------------------
>
> Key: BIT-1504
> URL: https://bro-tracker.atlassian.net/browse/BIT-1504
> Project: Bro Issue Tracker
> Issue Type: New Feature
> Components: Bro
> Reporter: Aaron Eppert
> Priority: Low
>
> ```@load base/protocols/http/main
> @load base/protocols/http/utils
> module HTTP;
> redef record Info += {
> cookies: table[string] of string &optional &log;
> };
> event http_header(c: connection, is_orig: bool, name: string, value: string)
> {
> if ( is_orig && name == "COOKIE" ) {
> if ( ! c$http?$cookies ) {
> c$http$cookies = table();
> }
>
> local cookie_vec = split_string(value, /;[[:blank:]]*/);
>
> for (cookie in cookie_vec) {
> local kv = split_string(value, /=/);
> if (|kv| == 2) {
> c$http$cookies[kv[0]] = kv[1];
> }
> }
> }
> }
> ```
> Simple example. The ability to serialize the above to a log file, given it uses simple string indices and values would seem to be straight forward per looking at the Ascii and JSON writers, which appear to support TYPE_TABLE natively. I spent some time looking at how to implement this at the layers above, but the (!t->IsSet()) in SerialTypes.cc's Value::IsCompatibleType(...) is an obvious blocker and I ran out of time to deduce the rest.
> I would assume I am not alone in this want as it would make proper downstream referencing of the resulting KV pairs from the table especially easy to navigate. This is, again, very much the case when using the JSON writer given it should natively serialize into very easily usable KV pair notation.
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-08-005#70107)
More information about the bro-dev
mailing list