[Zeek-Dev] support for event handlers using a subset of parameters
robin at corelight.com
Tue Feb 19 20:54:58 PST 2019
On Tue, Feb 19, 2019 at 08:28 -0600, Jonathan Siwek wrote:
> we pick points in time as an "event" and associate various bits of
> data with them, then users declare their interest in some subset of
> that data. Most natural way for them to do that seems to be by naming
> each bit of data.
I agree with all of that in principle, but for me it would need a
different syntax to become practical. The current syntax for events
implies certain semantics just by being similar to so many other
languages that don't do named-based matching for parameters.
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com
More information about the zeek-dev