[Bro] Hui Lin_Can I control when to create logging files
Hui Lin (Hugo)
hlin33 at illinois.edu
Mon Jan 23 15:46:04 PST 2012
Hi,
In the Bro documentation from the web site, I refer the "Customizing Bro's
Logging" to write my own logs. I pretty under how to customize what to log
but I am still confusing on whether I can control to create logging files.
The following scripts is shown:
event connection_state_remove(c: connection)
{
if ( c$id$orig_h in Site::private_address_space )
c$conn$is_private = T;
}
>From my understanding, it seems that Logs files can only be created
whenever connection_state_remove event handler is called. I can only
customize what to update here. If I don't update it, log files are still
created with default values. Is there any way that I can control when to
put values in memory into the log files?
Hope that I make myself clear.
Best,
Hui
--
Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120123/10f9c081/attachment.html
More information about the Bro
mailing list