[ https://bro-tracker.atlassian.net/browse/BIT-772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=19958#comment-19958 ]

Seth Hall commented on BIT-772:
-------------------------------

I think there was something rather subtle that I wanted to fix here, but I 
don't remember what it was anymore so closing this is fine.

> Problem with $path_func in Log filters
> --------------------------------------
>
>                 Key: BIT-772
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-772
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master
>            Reporter: Seth Hall
>            Assignee: Seth Hall
>            Priority: High
>
> I finally wrote a generic path_func and it doesn't work.  The 'path' variable 
> that is passed into the $path_func field when it's called is not filled out.  
> This should be an easy fix.
> {noformat}
> module Log;
> export {
>       ## A generic log path function that can be used in any filter if the record associated
>       ## with the stream has a field named 'id' of type :bro:type:`conn_id` to split the log
>       ## records into different file names based on if the connection was originated locally
>       ## or not.
>       global directional_path_func: function(id: Log::ID, path: string, rec: record {id: conn_id;}): string;
> }
> function directional_path_func(id: Log::ID, path: string, rec: record { id: conn_id; }): string
>       {
>       local direction: string;
>       local orig_local = Site::is_local_addr(rec$id$orig_h);
>       local resp_local = Site::is_local_addr(rec$id$resp_h);
>       
>       if ( orig_local )
>               direction = resp_local ? "localonly" : "outbound";
>       else
>               direction = resp_local ? "inbound" : "remoteonly";
>       
>       return fmt("%s_%s", path, direction);
>       }
> event bro_init()
>       {
>       Log::remove_default_filter(DNS::LOG);
>       Log::add_filter(DNS::LOG, [$name = "directional_split", $path_func = directional_path_func]);
>       
>       Log::remove_default_filter(HTTP::LOG);
>       Log::add_filter(HTTP::LOG, [$name = "directional_split", $path_func = directional_path_func]);
>       
>       }
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4-OD-15-055#64014)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
