[Bro] [EXTERNAL] Re: Log::add_filter with mime_type or filename predicate

Thomas, Eric D edthoma at sandia.gov
Mon Sep 30 13:44:07 PDT 2013


resp_mime_types is also uninitialized:

file: , [ts=1380560274.291225, uid=CtYbny3SoceMiawke6, id=[orig_h=X.X.X.X,
orig_p=43457/tcp, resp_h=74.125.239.123, resp_p=80/tcp], trans_depth=1,
method=GET, host=s0.2mdn.net, uri=/viewad/910797/pixel.gif,
referrer=http://www.kbb.com/used-cars/, user_agent=Mozilla/5.0 (Windows NT
6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0, request_body_len=0,
response_body_len=0, status_code=<uninitialized>,
status_msg=<uninitialized>, info_code=<uninitialized>,
info_msg=<uninitialized>, filename=<uninitialized>, tags={

}, username=<uninitialized>, password=<uninitialized>, capture_password=F,
range_request=F, orig_fuids=<uninitialized>,
orig_mime_types=<uninitialized>, resp_fuids=<uninitialized>,
resp_mime_types=<uninitialized>, current_entity=<uninitialized>,
orig_mime_depth=1, resp_mime_depth=0, contenttype=<uninitialized>]



-- 
Eric Thomas

edthoma at sandia.gov




On 9/30/13 1:40 PM, "Seth Hall" <seth at icir.org> wrote:

>
>On Sep 30, 2013, at 3:08 PM, "Thomas, Eric D" <edthoma at sandia.gov> wrote:
>
>> # This line was in the predicate function, but it no longer works
>> # return rec?$mime_type && rec$mime_type == "application/x-dosexec"; },
>
>
>return rec?$resp_mime_types && "application/x-dosexec" in
>rec$resp_mime_types;
>
>  .Seth
>
>--
>Seth Hall
>International Computer Science Institute
>(Bro) because everyone has a network
>http://www.bro.org/
>
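The predicate discussed in this thread, written out as a complete filter. This is an added example, not code from either poster or from the Bro distribution. It assumes `resp_mime_types` is an optional `vector of string` on `HTTP::Info`, so it iterates over the values; the names `has_mime`, `dosexec_only`, `http-dosexec` and `http_dosexec` are hypothetical.

```bro
@load base/protocols/http

# Hypothetical helper: T when any element of the vector equals `want`.
function has_mime(types: vector of string, want: string): bool
    {
    for ( i in types )
        {
        if ( types[i] == want )
            return T;
        }
    return F;
    }

# Predicate for the filter. The ?$ test comes first because the field is
# left unset on records such as the one shown above
# (resp_mime_types=<uninitialized>); reading an unset optional field is a
# runtime error, so those records are simply not written to this stream.
function dosexec_only(rec: HTTP::Info): bool
    {
    return rec?$resp_mime_types &&
           has_mime(rec$resp_mime_types, "application/x-dosexec");
    }

event bro_init()
    {
    # Adds a second HTTP log (path assumed: http_dosexec.log) that only
    # receives records passing the predicate; the default http.log filter
    # is left in place.
    local f: Log::Filter = [$name="http-dosexec",
                            $path="http_dosexec",
                            $pred=dosexec_only];
    Log::add_filter(HTTP::LOG, f);
    }
```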




