[Zeek] printing stream columns

Jon Siwek jsiwek at corelight.com
Fri Nov 1 12:53:13 PDT 2019


On Fri, Nov 1, 2019 at 4:11 AM Henri Dubois-Ferriere <henridf at gmail.com> wrote:

> I'd like to be able to peek into nested records to get the inner fields that will show up in the logs. It doesn't seem like there's a way to do record introspection given a string representation of the record type name, but if I'd be delighted to be told I'm missing something.

No, didn't look like there was a way to do that, but I've made a
PR/patch that should make recursive introspection possible via
something like `record_fields("conn_id")` for any arbitrary record
type name:

https://github.com/zeek/zeek/pull/675

- Jon



More information about the Zeek mailing list