[Bro] Correct way to log record with modification

Jon Siwek jsiwek at corelight.com
Tue May 1 08:02:03 PDT 2018



On 5/1/18 3:07 AM, John Y wrote:

> 1. How do I handle an uninitialized field? The assignment conn$query failed.

You can first check if it's initialized via the ?$ operator.  More docs 
on various operators at [1].

> 2. If I have a lot of fields to log, do I need to write them all in the 
> write command or is there some shortcut? Remember that I must modify the 
> fields.

You don't have to put them inside the Log::write() function call, 
though there's no getting around the fact that you'll need to create one 
'info' value per call.  You can do that inline with the call like you 
had shown, or you can create the value and store it in a local/global 
variable, or possibly abstract out common patterns that you find into 
some other custom function.  You can decide whichever way fits.

- Jon

[1] https://www.bro.org/sphinx/script-reference/operators.html
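The pattern Jon describes, as an added example (not code from the thread or from the Bro project): one `Info` record is built per `Log::write()` call, the `?$` operator guards an `&optional` field before it is modified, and the "modify the fields, then write" steps are pulled into a helper so each event handler stays short. The module name `DNSLite`, the log path `dnslite`, and the column set are assumptions; the `dns_request` event signature and `Log::create_stream` / `Log::write` calls are the standard Bro logging framework.

```bro
# Added example, not from the original mailing-list thread.
# Module name, log path and columns are assumptions for illustration.
module DNSLite;

export {
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:    time   &log;
        uid:   string &log;
        query: string &log &optional;   # may never be assigned
        qtype: count  &log &optional;
    };
}

event bro_init()
    {
    Log::create_stream(DNSLite::LOG, [$columns=Info, $path="dnslite"]);
    }

# Single place that applies the field modifications and writes the record,
# so no event handler has to repeat the same Log::write() boilerplate.
function write_modified(rec: Info)
    {
    # ?$ is true only when the optional field has actually been assigned;
    # touching an unassigned field directly is what produces the runtime error.
    if ( rec?$query )
        rec$query = to_lower(rec$query);   # example modification of a field
    else
        rec$query = "<missing>";           # fill the column instead of failing

    Log::write(DNSLite::LOG, rec);
    }

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    # Build the per-call 'info' value in a local instead of inline in Log::write().
    local rec = Info($ts=network_time(), $uid=c$uid, $query=query, $qtype=qtype);
    write_modified(rec);
    }
```

Records are reference types in Bro, so the modifications made inside `write_modified()` apply to the same `Info` value the caller built; the helper can therefore both change fields and write without returning anything.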