&log keyword, and vector logging.

The &log keyword now operates as discussed: - When associated with individual record fields, it defines them as being logged. - When associated with a complete record type, it defines all fields to be logged. - When associated with a record extension, it defines all added fields to be logged. Note that for nested record types, the inner fields must likewise be declared with &log. Consequently, conn_id is now declared with &log in bro.init. Vectors are now allowed to be logged and will be recorded as an ordered set of items.
2025-10-04 23:58:20 +00:00 · 2011-03-28 17:55:41 -07:00 · 2011-03-28 17:55:41 -07:00 · 38a1aa5a34
commit 38a1aa5a34
parent 05f2104fec
40 changed files with 307 additions and 55 deletions
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -167,6 +167,26 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
 		break;
 		}

+	case TYPE_VECTOR:
+		{
+		if ( ! val->val.vector_val.size )
+			{
+			desc->AddN(empty_field, empty_field_len);
+			break;
+			}
+
+		for ( int j = 0; j < val->val.vector_val.size; j++ )
+			{
+			if ( j > 0 )
+				desc->AddN(set_separator, set_separator_len);
+
+			if ( ! DoWriteOne(desc, val->val.vector_val.vals[j], field) )
+				return false;
+			}
+
+		break;
+		}
+
 	default:
 		Error(Fmt("unsupported field format %d for %s", val->type, field->name.c_str()));
 		return false;