[Zeek] printing stream columns

Henri Dubois-Ferriere henridf at gmail.com
Mon Nov 11 13:24:09 PST 2019


Cool, that's exactly the place I was looking (wasn't sure if changing this
might break existing scripts... but since this is all quite new, probably
best to make the change soon). I'll get the PR up soon.

On Mon, 11 Nov 2019 at 22:17, Jon Siwek <jsiwek at corelight.com> wrote:

> On Mon, Nov 11, 2019 at 11:37 AM Henri Dubois-Ferriere
> <henridf at gmail.com> wrote:
>
> > I still have one outstanding issue which is that for a container type,
> > record_field$type_name is just the container name (such as "vector" or
> > "set"). I don't see a way to get the type of the container elements from
> > zeek script, but once again would be delighted to be corrected.
> >
> > And if there's currently no way, I'm happy to put up a PR, but I could
> > use some guidance on how to expose this in Zeek (e.g. a new field on
> > record_field?).
>
> Would be great if you want to try making a PR.  The first way to do it
> that comes to mind is just alter that "record_field$type_name" to
> better describe containers in a format like "vector of XXX",
> "set[XXX]" or "table[XXX] of YYY".  This should be the relevant code
> to modify:
>
>
> https://github.com/zeek/zeek/blob/b86a8acc2b84089efbbe51216a4f4d1d57a4f430/src/Type.cc#L845-L850
>
> - Jon
>