[Bro] How "priority" keyword works?

Vito Logrillo vitologrillo at gmail.com
Fri Oct 31 01:48:52 PDT 2014


Hi,
i have some questions about priority keyword: i'll try to explain with an
example.
If i make a script able to write a new log file

------snippet code.bro------
event dns_message(c: connection, is_orig: bool, msg: dns_msg, len: count)
&priority=5
{
 if(c$id$orig_p == 138/udp)
{
...do something and write in my custom log file...
}
}
-------------------------------------

My custom event dns_message overrides the standard event?
The standard event is executed or not in this case?
Should i find the same packet logged in dns.log and in my custom log or not?
It depends on priority keyword?  And what happens if i set priority = -5?
Thanks
Vito
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20141031/d3a18526/attachment.html 


More information about the Bro mailing list