[Zeek-Dev] support for event handlers using a subset of parameters

Robin Sommer robin at corelight.com
Tue Feb 19 20:54:58 PST 2019



On Tue, Feb 19, 2019 at 08:28 -0600, Jonathan Siwek wrote:

> we pick points in time as an "event" and associate various bits of
> data with them, then users declare their interest in some subset of
> that data. Most natural way for them to do that seems to be by naming
> each bit of data.

I agree with all of that in principle, but for me it would need a
different syntax to become practical. The current syntax for events
implies certain semantics just by being similar to so many other
languages that don't do named-based matching for parameters.

Robin

-- 
Robin Sommer * Corelight, Inc. * robin at corelight.com * www.corelight.com


More information about the zeek-dev mailing list