diff --git a/NEWS b/NEWS
index 4d1539b33c..da6d7c36eb 100644
--- a/NEWS
+++ b/NEWS
@@ -102,6 +102,15 @@ Changed Functionality
- [TODO] Add changed BroControl features.
+- When adding a logging filter to a stream, the filter can now inherit
+ a default ``path`` field from the associated ``Log::Stream`` record.
+
+- When adding a logging filter to a stream, the
+ ``Log::default_path_func`` is now only automatically added to the
+ filter if it has neither a ``path`` nor a ``path_func`` already
+ explicitly set. Before, the default path function would always be set
+ for all filters which didn't specify their own ``path_func``.
+
Deprecated Functionality
------------------------
diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.bro
index 73f98aa5f8..9d9ef15d79 100644
--- a/scripts/base/files/unified2/main.bro
+++ b/scripts/base/files/unified2/main.bro
@@ -195,7 +195,7 @@ event Input::end_of_data(name: string, source: string)
event bro_init() &priority=5
{
- Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2]);
+ Log::create_stream(Unified2::LOG, [$columns=Info, $ev=log_unified2, $path="unified2"]);
if ( sid_msg == "" )
{
diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.bro
index 10445ad846..a810132f8d 100644
--- a/scripts/base/files/x509/main.bro
+++ b/scripts/base/files/x509/main.bro
@@ -36,7 +36,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509]);
+ Log::create_stream(X509::LOG, [$columns=Info, $ev=log_x509, $path="x509"]);
}
redef record Files::Info += {
diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.bro
index 12cc9e27d4..218e309bad 100644
--- a/scripts/base/frameworks/cluster/main.bro
+++ b/scripts/base/frameworks/cluster/main.bro
@@ -159,5 +159,5 @@ event bro_init() &priority=5
terminate();
}
- Log::create_stream(Cluster::LOG, [$columns=Info]);
+ Log::create_stream(Cluster::LOG, [$columns=Info, $path="cluster"]);
}
diff --git a/scripts/base/frameworks/communication/main.bro b/scripts/base/frameworks/communication/main.bro
index 92d527101d..af4eb9fca5 100644
--- a/scripts/base/frameworks/communication/main.bro
+++ b/scripts/base/frameworks/communication/main.bro
@@ -164,7 +164,7 @@ const src_names = {
event bro_init() &priority=5
{
- Log::create_stream(Communication::LOG, [$columns=Info]);
+ Log::create_stream(Communication::LOG, [$columns=Info, $path="communication"]);
}
function do_script_log_common(level: count, src: count, msg: string)
diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro
index 9df8a45e5e..4586e2c02e 100644
--- a/scripts/base/frameworks/dpd/main.bro
+++ b/scripts/base/frameworks/dpd/main.bro
@@ -38,7 +38,7 @@ redef record connection += {
event bro_init() &priority=5
{
- Log::create_stream(DPD::LOG, [$columns=Info]);
+ Log::create_stream(DPD::LOG, [$columns=Info, $path="dpd"]);
}
event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count) &priority=10
diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.bro
index 94a46578c0..fa4df59cf3 100644
--- a/scripts/base/frameworks/files/main.bro
+++ b/scripts/base/frameworks/files/main.bro
@@ -313,7 +313,7 @@ global analyzer_add_callbacks: table[Files::Tag] of function(f: fa_file, args: A
event bro_init() &priority=5
{
- Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files]);
+ Log::create_stream(Files::LOG, [$columns=Info, $ev=log_files, $path="files"]);
}
function set_info(f: fa_file)
diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.bro
index 4866766df4..4f7428de18 100644
--- a/scripts/base/frameworks/intel/main.bro
+++ b/scripts/base/frameworks/intel/main.bro
@@ -174,7 +174,7 @@ global min_data_store: MinDataStore &redef;
event bro_init() &priority=5
{
- Log::create_stream(LOG, [$columns=Info, $ev=log_intel]);
+ Log::create_stream(LOG, [$columns=Info, $ev=log_intel, $path="intel"]);
}
function find(s: Seen): bool
diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.bro
index d4d5c0244e..3e0faac21b 100644
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@@ -50,11 +50,17 @@ export {
## The event receives a single same parameter, an instance of
## type ``columns``.
ev: any &optional;
+
+ ## A path that will be inherited by any filters added to the
+ ## stream which do not already specify their own path.
+ path: string &optional;
};
## Builds the default path values for log filters if not otherwise
## specified by a filter. The default implementation uses *id*
- ## to derive a name.
+ ## to derive a name. Upon adding a filter to a stream, if neither
+ ## ``path`` nor ``path_func`` is explicitly set by them, then
+ ## this function is used as the ``path_func``.
##
## id: The ID associated with the log stream.
##
@@ -143,7 +149,9 @@ export {
## to compute the string dynamically. It is ok to return
## different strings for separate calls, but be careful: it's
## easy to flood the disk by returning a new string for each
- ## connection.
+ ## connection. Upon adding a filter to a stream, if neither
+ ## ``path`` nor ``path_func`` is explicitly set by them, then
+ ## :bro:see:`default_path_func` is used.
##
## id: The ID associated with the log stream.
##
@@ -379,6 +387,8 @@ export {
global active_streams: table[ID] of Stream = table();
}
+global all_streams: table[ID] of Stream = table();
+
# We keep a script-level copy of all filters so that we can manipulate them.
global filters: table[ID, string] of Filter;
@@ -463,6 +473,7 @@ function create_stream(id: ID, stream: Stream) : bool
return F;
active_streams[id] = stream;
+ all_streams[id] = stream;
return add_default_filter(id);
}
@@ -470,6 +481,7 @@ function create_stream(id: ID, stream: Stream) : bool
function remove_stream(id: ID) : bool
{
delete active_streams[id];
+ delete all_streams[id];
return __remove_stream(id);
}
@@ -482,10 +494,12 @@ function disable_stream(id: ID) : bool
function add_filter(id: ID, filter: Filter) : bool
{
- # This is a work-around for the fact that we can't forward-declare
- # the default_path_func and then use it as &default in the record
- # definition.
- if ( ! filter?$path_func )
+ local stream = all_streams[id];
+
+ if ( stream?$path && ! filter?$path )
+ filter$path = stream$path;
+
+ if ( ! filter?$path && ! filter?$path_func )
filter$path_func = default_path_func;
filters[id, filter$name] = filter;
diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.bro
index d7d9bd61c9..4b4a1dcb9e 100644
--- a/scripts/base/frameworks/notice/main.bro
+++ b/scripts/base/frameworks/notice/main.bro
@@ -349,9 +349,9 @@ function log_mailing_postprocessor(info: Log::RotationInfo): bool
event bro_init() &priority=5
{
- Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice]);
+ Log::create_stream(Notice::LOG, [$columns=Info, $ev=log_notice, $path="notice"]);
- Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info]);
+ Log::create_stream(Notice::ALARM_LOG, [$columns=Notice::Info, $path="notice_alarm"]);
# If Bro is configured for mailing notices, set up mailing for alarms.
# Make sure that this alarm log is also output as text so that it can
# be packaged up and emailed later.
diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.bro
index 474f021cef..627849a591 100644
--- a/scripts/base/frameworks/notice/weird.bro
+++ b/scripts/base/frameworks/notice/weird.bro
@@ -294,7 +294,7 @@ global current_conn: connection;
event bro_init() &priority=5
{
- Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird]);
+ Log::create_stream(Weird::LOG, [$columns=Info, $ev=log_weird, $path="weird"]);
}
function flow_id_string(src: addr, dst: addr): string
diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.bro
index 8b1739acb4..b0a6f144e3 100644
--- a/scripts/base/frameworks/packet-filter/main.bro
+++ b/scripts/base/frameworks/packet-filter/main.bro
@@ -159,7 +159,7 @@ event filter_change_tracking()
event bro_init() &priority=5
{
- Log::create_stream(PacketFilter::LOG, [$columns=Info]);
+ Log::create_stream(PacketFilter::LOG, [$columns=Info, $path="packet_filter"]);
# Preverify the capture and restrict filters to give more granular failure messages.
for ( id in capture_filters )
diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.bro
index 873cb15a45..e87407c89a 100644
--- a/scripts/base/frameworks/reporter/main.bro
+++ b/scripts/base/frameworks/reporter/main.bro
@@ -45,7 +45,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Reporter::LOG, [$columns=Info]);
+ Log::create_stream(Reporter::LOG, [$columns=Info, $path="reporter"]);
}
event reporter_info(t: time, msg: string, location: string) &priority=-5
diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.bro
index 5b233d1db1..c0b57ba508 100644
--- a/scripts/base/frameworks/signatures/main.bro
+++ b/scripts/base/frameworks/signatures/main.bro
@@ -142,7 +142,7 @@ global did_sig_log: set[string] &read_expire = 1 hr;
event bro_init()
{
- Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature]);
+ Log::create_stream(Signatures::LOG, [$columns=Info, $ev=log_signature, $path="signatures"]);
}
# Returns true if the given signature has already been triggered for the given
diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.bro
index f7b8ce9326..bcb791b4f4 100644
--- a/scripts/base/frameworks/software/main.bro
+++ b/scripts/base/frameworks/software/main.bro
@@ -105,7 +105,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software]);
+ Log::create_stream(Software::LOG, [$columns=Info, $ev=log_software, $path="software"]);
}
type Description: record {
diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.bro
index 04207618d7..7721ce3a02 100644
--- a/scripts/base/frameworks/tunnels/main.bro
+++ b/scripts/base/frameworks/tunnels/main.bro
@@ -89,7 +89,7 @@ redef likely_server_ports += { ayiya_ports, teredo_ports, gtpv1_ports };
event bro_init() &priority=5
{
- Log::create_stream(Tunnel::LOG, [$columns=Info]);
+ Log::create_stream(Tunnel::LOG, [$columns=Info, $path="tunnel"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_AYIYA, ayiya_ports);
Analyzer::register_for_ports(Analyzer::ANALYZER_TEREDO, teredo_ports);
diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.bro
index 1d3e37c691..7ef204268b 100644
--- a/scripts/base/protocols/conn/main.bro
+++ b/scripts/base/protocols/conn/main.bro
@@ -127,7 +127,7 @@ redef record connection += {
event bro_init() &priority=5
{
- Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn]);
+ Log::create_stream(Conn::LOG, [$columns=Info, $ev=log_conn, $path="conn"]);
}
function conn_state(c: connection, trans: transport_proto): string
diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.bro
index d6bb0defd2..bfc3d98117 100644
--- a/scripts/base/protocols/dhcp/main.bro
+++ b/scripts/base/protocols/dhcp/main.bro
@@ -49,7 +49,7 @@ redef likely_server_ports += { 67/udp };
event bro_init() &priority=5
{
- Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp]);
+ Log::create_stream(DHCP::LOG, [$columns=Info, $ev=log_dhcp, $path="dhcp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DHCP, ports);
}
diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.bro
index c00934a65b..35dd012d75 100644
--- a/scripts/base/protocols/dnp3/main.bro
+++ b/scripts/base/protocols/dnp3/main.bro
@@ -36,7 +36,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3]);
+ Log::create_stream(DNP3::LOG, [$columns=Info, $ev=log_dnp3, $path="dnp3"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DNP3_TCP, ports);
}
diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.bro
index 83c9682e8c..7b8826f0fd 100644
--- a/scripts/base/protocols/dns/main.bro
+++ b/scripts/base/protocols/dns/main.bro
@@ -150,7 +150,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns]);
+ Log::create_stream(DNS::LOG, [$columns=Info, $ev=log_dns, $path="dns"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_DNS, ports);
}
diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.bro
index 24195c1d7e..f98e33b315 100644
--- a/scripts/base/protocols/ftp/main.bro
+++ b/scripts/base/protocols/ftp/main.bro
@@ -52,7 +52,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp]);
+ Log::create_stream(FTP::LOG, [$columns=Info, $ev=log_ftp, $path="ftp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_FTP, ports);
}
diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro
index 2349635844..c8f06dff18 100644
--- a/scripts/base/protocols/http/main.bro
+++ b/scripts/base/protocols/http/main.bro
@@ -135,7 +135,7 @@ redef likely_server_ports += { ports };
# Initialize the HTTP logging stream and ports.
event bro_init() &priority=5
{
- Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http]);
+ Log::create_stream(HTTP::LOG, [$columns=Info, $ev=log_http, $path="http"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_HTTP, ports);
}
diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.bro
index d861e88ae9..c2de29da6a 100644
--- a/scripts/base/protocols/irc/main.bro
+++ b/scripts/base/protocols/irc/main.bro
@@ -43,7 +43,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log]);
+ Log::create_stream(IRC::LOG, [$columns=Info, $ev=irc_log, $path="irc"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_IRC, ports);
}
diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.bro
index 707c2e47a7..5a30d170e5 100644
--- a/scripts/base/protocols/modbus/main.bro
+++ b/scripts/base/protocols/modbus/main.bro
@@ -34,7 +34,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus]);
+ Log::create_stream(Modbus::LOG, [$columns=Info, $ev=log_modbus, $path="modbus"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_MODBUS, ports);
}
diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.bro
index 748049965a..e4ba07cbca 100644
--- a/scripts/base/protocols/mysql/main.bro
+++ b/scripts/base/protocols/mysql/main.bro
@@ -39,7 +39,7 @@ const ports = { 1434/tcp, 3306/tcp };
event bro_init() &priority=5
{
- Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql]);
+ Log::create_stream(mysql::LOG, [$columns=Info, $ev=log_mysql, $path="mysql"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_MYSQL, ports);
}
diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro
index 96d4bc1701..d9c2d08ca8 100644
--- a/scripts/base/protocols/radius/main.bro
+++ b/scripts/base/protocols/radius/main.bro
@@ -59,7 +59,7 @@ const ports = { 1812/udp };
event bro_init() &priority=5
{
- Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius]);
+ Log::create_stream(RADIUS::LOG, [$columns=Info, $ev=log_radius, $path="radius"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_RADIUS, ports);
}
diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.bro
index 925b0f4da5..5fb5cac4bc 100644
--- a/scripts/base/protocols/smtp/main.bro
+++ b/scripts/base/protocols/smtp/main.bro
@@ -92,7 +92,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp]);
+ Log::create_stream(SMTP::LOG, [$columns=SMTP::Info, $ev=log_smtp, $path="smtp"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SMTP, ports);
}
diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.bro
index 4921794408..ec45d59440 100644
--- a/scripts/base/protocols/snmp/main.bro
+++ b/scripts/base/protocols/snmp/main.bro
@@ -66,7 +66,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_SNMP, ports);
- Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp]);
+ Log::create_stream(SNMP::LOG, [$columns=SNMP::Info, $ev=log_snmp, $path="snmp"]);
}
function init_state(c: connection, h: SNMP::Header): Info
diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.bro
index e052962888..c63092f609 100644
--- a/scripts/base/protocols/socks/main.bro
+++ b/scripts/base/protocols/socks/main.bro
@@ -43,7 +43,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks]);
+ Log::create_stream(SOCKS::LOG, [$columns=Info, $ev=log_socks, $path="socks"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SOCKS, ports);
}
diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.bro
index 33b0c84147..1d97a9d5fc 100644
--- a/scripts/base/protocols/ssh/main.bro
+++ b/scripts/base/protocols/ssh/main.bro
@@ -73,7 +73,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh]);
+ Log::create_stream(SSH::LOG, [$columns=Info, $ev=log_ssh, $path="ssh"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SSH, ports);
}
diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.bro
index a1461db82d..4b232e4b8e 100644
--- a/scripts/base/protocols/ssl/main.bro
+++ b/scripts/base/protocols/ssl/main.bro
@@ -100,7 +100,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl]);
+ Log::create_stream(SSL::LOG, [$columns=Info, $ev=log_ssl, $path="ssl"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SSL, ports);
}
diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.bro
index afe562c890..593c8ab9a2 100644
--- a/scripts/base/protocols/syslog/main.bro
+++ b/scripts/base/protocols/syslog/main.bro
@@ -35,7 +35,7 @@ redef likely_server_ports += { ports };
event bro_init() &priority=5
{
- Log::create_stream(Syslog::LOG, [$columns=Info]);
+ Log::create_stream(Syslog::LOG, [$columns=Info, $path="syslog"]);
Analyzer::register_for_ports(Analyzer::ANALYZER_SYSLOG, ports);
}
diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.bro
index 42364e8d76..10dd242049 100644
--- a/scripts/policy/integration/barnyard2/main.bro
+++ b/scripts/policy/integration/barnyard2/main.bro
@@ -23,7 +23,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Barnyard2::LOG, [$columns=Info]);
+ Log::create_stream(Barnyard2::LOG, [$columns=Info, $path="barnyard2"]);
}
diff --git a/scripts/policy/misc/app-stats/main.bro b/scripts/policy/misc/app-stats/main.bro
index 3a0219db6e..d80763c699 100644
--- a/scripts/policy/misc/app-stats/main.bro
+++ b/scripts/policy/misc/app-stats/main.bro
@@ -38,7 +38,7 @@ global add_sumstats: hook(id: conn_id, hostname: string, size: count);
event bro_init() &priority=3
{
- Log::create_stream(AppStats::LOG, [$columns=Info]);
+ Log::create_stream(AppStats::LOG, [$columns=Info, $path="app_stats"]);
local r1: SumStats::Reducer = [$stream="apps.bytes", $apply=set(SumStats::SUM)];
local r2: SumStats::Reducer = [$stream="apps.hits", $apply=set(SumStats::UNIQUE)];
diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.bro
index 089412020a..28f468a1c8 100644
--- a/scripts/policy/misc/capture-loss.bro
+++ b/scripts/policy/misc/capture-loss.bro
@@ -76,7 +76,7 @@ event CaptureLoss::take_measurement(last_ts: time, last_acks: count, last_gaps:
event bro_init() &priority=5
{
- Log::create_stream(LOG, [$columns=Info]);
+ Log::create_stream(LOG, [$columns=Info, $path="capture_loss"]);
# We only schedule the event if we are capturing packets.
if ( reading_live_traffic() || reading_traces() )
diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.bro
index 68151e209a..5cbb34e27e 100644
--- a/scripts/policy/misc/detect-traceroute/main.bro
+++ b/scripts/policy/misc/detect-traceroute/main.bro
@@ -55,7 +55,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute]);
+ Log::create_stream(Traceroute::LOG, [$columns=Info, $ev=log_traceroute, $path="traceroute"]);
local r1: SumStats::Reducer = [$stream="traceroute.time_exceeded", $apply=set(SumStats::UNIQUE)];
local r2: SumStats::Reducer = [$stream="traceroute.low_ttl_packet", $apply=set(SumStats::SUM)];
diff --git a/scripts/policy/misc/known-devices.bro b/scripts/policy/misc/known-devices.bro
index 8378d589f8..2f1f81524f 100644
--- a/scripts/policy/misc/known-devices.bro
+++ b/scripts/policy/misc/known-devices.bro
@@ -38,5 +38,5 @@ export {
event bro_init()
{
- Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices]);
+ Log::create_stream(Known::DEVICES_LOG, [$columns=DevicesInfo, $ev=log_known_devices, $path="known_devices"]);
}
diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.bro
index bd6943e928..3b0b9e2429 100644
--- a/scripts/policy/misc/loaded-scripts.bro
+++ b/scripts/policy/misc/loaded-scripts.bro
@@ -30,7 +30,7 @@ const depth: table[count] of string = {
event bro_init() &priority=5
{
- Log::create_stream(LoadedScripts::LOG, [$columns=Info]);
+ Log::create_stream(LoadedScripts::LOG, [$columns=Info, $path="loaded_scripts"]);
}
event bro_script_loaded(path: string, level: count)
diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.bro
index a8a08bdcc1..215a3bb9de 100644
--- a/scripts/policy/misc/stats.bro
+++ b/scripts/policy/misc/stats.bro
@@ -50,7 +50,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats]);
+ Log::create_stream(Stats::LOG, [$columns=Info, $ev=log_stats, $path="stats"]);
}
event check_stats(last_ts: time, last_ns: NetStats, last_res: bro_resources)
diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.bro
index e4fef85f87..a539885dd1 100644
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@@ -38,7 +38,7 @@ export {
event bro_init()
{
- Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts]);
+ Log::create_stream(Known::HOSTS_LOG, [$columns=HostsInfo, $ev=log_known_hosts, $path="known_hosts"]);
}
event connection_established(c: connection) &priority=5
diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.bro
index 4e474f76a0..0c79db84f5 100644
--- a/scripts/policy/protocols/conn/known-services.bro
+++ b/scripts/policy/protocols/conn/known-services.bro
@@ -49,7 +49,8 @@ redef record connection += {
event bro_init() &priority=5
{
Log::create_stream(Known::SERVICES_LOG, [$columns=ServicesInfo,
- $ev=log_known_services]);
+ $ev=log_known_services,
+ $path="known_services"]);
}
event log_it(ts: time, a: addr, p: port, services: set[string])
diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.bro
index 84ea7ea35a..a49e1f81e4 100644
--- a/scripts/policy/protocols/modbus/known-masters-slaves.bro
+++ b/scripts/policy/protocols/modbus/known-masters-slaves.bro
@@ -35,7 +35,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus]);
+ Log::create_stream(Known::MODBUS_LOG, [$columns=ModbusInfo, $ev=log_known_modbus, $path="known_modbus"]);
}
event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.bro
index 7714ce7537..fedda25ea7 100644
--- a/scripts/policy/protocols/modbus/track-memmap.bro
+++ b/scripts/policy/protocols/modbus/track-memmap.bro
@@ -54,7 +54,7 @@ redef record Modbus::Info += {
event bro_init() &priority=5
{
- Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo]);
+ Log::create_stream(Modbus::REGISTER_CHANGE_LOG, [$columns=MemmapInfo, $path="modbus_register_change"]);
}
event modbus_read_holding_registers_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.bro
index 298c665459..1f27521e46 100644
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@@ -43,7 +43,7 @@ export {
event bro_init() &priority=5
{
- Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs]);
+ Log::create_stream(Known::CERTS_LOG, [$columns=CertsInfo, $ev=log_known_certs, $path="known_certs"]);
}
event ssl_established(c: connection) &priority=3
diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output
index 63f0a87742..6f06d254c0 100644
--- a/testing/btest/Baseline/plugins.hooks/output
+++ b/testing/btest/Baseline/plugins.hooks/output
@@ -130,69 +130,69 @@
0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_IRC_DATA, [get_file_handle=IRC::get_file_handle{ return (cat(Analyzer::ANALYZER_IRC_DATA, IRC::c$start_time, IRC::c$id, IRC::is_orig))}, describe=anonymous-function{ return ()}])) ->
0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SMTP, [get_file_handle=SMTP::get_file_handle{ return (cat(Analyzer::ANALYZER_SMTP, SMTP::c$start_time, SMTP::c$smtp$trans_depth, SMTP::c$smtp_state$mime_depth))}, describe=SMTP::describe_file{ SMTP::cid{ if (SMTP::f$source != SMTP) return ()for ([SMTP::cid] in SMTP::f$conns) { SMTP::c = SMTP::f$conns[SMTP::cid]return (SMTP::describe(SMTP::c$smtp))}return ()}}])) ->
0.000000 MetaHookPost CallFunction(Files::register_protocol, , (Analyzer::ANALYZER_SSL, [get_file_handle=SSL::get_file_handle{ return ()}, describe=SSL::describe_file{ SSL::cid{ if (SSL::f$source != SSL || !SSL::f?$info || !SSL::f$info?$x509 || !SSL::f$info$x509?$certificate) return ()for ([SSL::cid] in SSL::f$conns) { if (SSL::f$conns[SSL::cid]?$ssl) { SSL::c = SSL::f$conns[SSL::cid]return (cat(SSL::c$id$resp_h, :, SSL::c$id$resp_p))}}return (cat(Serial: , SSL::f$info$x509$certificate$serial, Subject: , SSL::f$info$x509$certificate$subject, Issuer: , SSL::f$info$x509$certificate$issuer))}}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Cluster::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Communication::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Conn::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DHCP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNP3::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DNS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (DPD::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (FTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Files::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (HTTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (IRC::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Intel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Modbus::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::ALARM_LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Notice::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (PacketFilter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (RADIUS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Reporter::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SMTP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SNMP::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SOCKS::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSH::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (SSL::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Signatures::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Software::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Syslog::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Tunnel::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Unified2::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (Weird::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (X509::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__add_filter, , (mysql::LOG, [name=default, writer=Log::WRITER_ASCII, pred=, path=, path_func=Log::default_path_func{ if ( != Log::path) return (Log::path)Log::id_str = fmt(%s, Log::id)Log::parts = split_string1(Log::id_str, <...>/, )return (cat(to_lower(Log::parts[0]), _, to_lower(Log::parts[1])))}elsereturn (to_lower(Log::id_str))}, include=, exclude=, log_local=T, log_remote=T, interv=0 secs, postprocessor=, config={}])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Cluster::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Communication::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Conn::LOG, [columns=, ev=Conn::log_conn])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DHCP::LOG, [columns=, ev=DHCP::log_dhcp])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNP3::LOG, [columns=, ev=DNP3::log_dnp3])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DNS::LOG, [columns=, ev=DNS::log_dns])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (DPD::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (FTP::LOG, [columns=, ev=FTP::log_ftp])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Files::LOG, [columns=, ev=Files::log_files])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (HTTP::LOG, [columns=, ev=HTTP::log_http])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (IRC::LOG, [columns=, ev=IRC::irc_log])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Intel::LOG, [columns=, ev=Intel::log_intel])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Modbus::LOG, [columns=, ev=Modbus::log_modbus])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::ALARM_LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Notice::LOG, [columns=, ev=Notice::log_notice])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (PacketFilter::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (RADIUS::LOG, [columns=, ev=RADIUS::log_radius])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Reporter::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SMTP::LOG, [columns=, ev=SMTP::log_smtp])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SNMP::LOG, [columns=, ev=SNMP::log_snmp])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SOCKS::LOG, [columns=, ev=SOCKS::log_socks])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSH::LOG, [columns=, ev=SSH::log_ssh])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (SSL::LOG, [columns=, ev=SSL::log_ssl])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Signatures::LOG, [columns=, ev=Signatures::log_signature])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Software::LOG, [columns=, ev=Software::log_software])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Syslog::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream, , (Tunnel::LOG, [columns=, ev=])) ->
-0.000000 MetaHookPost CallFunction(Log::__create_stream,