Merge remote-tracking branch 'origin/fastpath'

Also reenabling the logs-to-elasticsearch.bro script in test-all-policy.bro, that seems to work now. * origin/fastpath: Reworked how the logs-to-elasticsearch scripts works to stop abusing the logging framework.
2025-10-17 14:08:20 +00:00 · 2012-07-27 12:42:13 -07:00 · 2012-07-27 12:42:13 -07:00 · 32590177a0
commit 32590177a0
parent 9f2abd0697 596f07e505
5 changed files with 30 additions and 22 deletions
--- a/scripts/base/frameworks/logging/main.bro
+++ b/scripts/base/frameworks/logging/main.bro
@ -327,6 +327,11 @@ export {
 	##    Log::default_rotation_postprocessor_cmd
 	##    Log::default_rotation_postprocessors
 	global run_rotation_postprocessor_cmd: function(info: RotationInfo, npath: string) : bool;
+
+	## The streams which are currently active and not disabled.
+	## This set is not meant to be modified by users!  Only use it for
+	## examining which streams are active.
+	global active_streams: set[ID] = set();
 }

 # We keep a script-level copy of all filters so that we can manipulate them.
@ -412,11 +417,15 @@ function create_stream(id: ID, stream: Stream) : bool
 	if ( ! __create_stream(id, stream) )
 		return F;

+	add active_streams[id];
+
 	return add_default_filter(id);
 	}

 function disable_stream(id: ID) : bool
 	{
+	delete active_streams[id];
+
 	return __disable_stream(id);
 	}