>  Do I need to add an 'is_orig' flag to at least the 'file_new' event?

I don't know the internals of the FA framework, I just recall a record
fa_file which appears to be what the Info record is to the logging
framework. Could it make sense to put the directionality in there for
more flexibility? Then users can access this information in any event.

     Matthias
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

Reply via email to