Enums are now logged with their ID names, not anymore with their

numerical values.
2025-10-07 00:58:19 +00:00 · 2011-03-09 18:06:50 -08:00 · 2011-03-09 18:06:50 -08:00 · 89e8ea7353
commit 89e8ea7353
parent c6e3174bc8
5 changed files with 19 additions and 6 deletions
--- a/policy/logging-ascii.bro
+++ b/policy/logging-ascii.bro
@ -15,7 +15,10 @@ export {
 	# The separator between fields.
 	const separator = "\t" &redef;

-	# The string to use for empty string fields.
+	# The separator between set elements.
+	const set_separator = "," &redef;
+
+	# The string to use for empty fields.
 	const empty_field = "" &redef;

 	# The string to use for an unset optional field.
--- a/src/LogMgr.cc
+++ b/src/LogMgr.cc
@ -65,7 +65,7 @@ struct LogMgr::Stream {

 LogVal::~LogVal()
 	{
-	if ( type == TYPE_STRING && present )
+	if ( (type == TYPE_ENUM || type == TYPE_STRING) && present )
 		delete val.string_val;

 	if ( type == TYPE_TABLE && present )
@ -93,7 +93,6 @@ bool LogVal::Read(SerializationFormat* fmt)
 	switch ( type ) {
 	case TYPE_BOOL:
 	case TYPE_INT:
-	case TYPE_ENUM:
 		return fmt->Read(&val.int_val, "int");

 	case TYPE_COUNT:
@ -148,6 +147,7 @@ bool LogVal::Read(SerializationFormat* fmt)
 	case TYPE_INTERVAL:
 		return fmt->Read(&val.double_val, "double");

+	case TYPE_ENUM:
 	case TYPE_STRING:
 		{
 		val.string_val = new string;
@ -189,7 +189,6 @@ bool LogVal::Write(SerializationFormat* fmt) const
 	switch ( type ) {
 	case TYPE_BOOL:
 	case TYPE_INT:
-	case TYPE_ENUM:
 		return fmt->Write(val.int_val, "int");

 	case TYPE_COUNT:
@ -234,6 +233,7 @@ bool LogVal::Write(SerializationFormat* fmt) const
 	case TYPE_INTERVAL:
 		return fmt->Write(val.double_val, "double");

+	case TYPE_ENUM:
 	case TYPE_STRING:
 		return fmt->Write(*val.string_val, "string");

@ -758,10 +758,16 @@ LogVal* LogMgr::ValToLogVal(Val* val)
 	switch ( lval->type ) {
 	case TYPE_BOOL:
 	case TYPE_INT:
-	case TYPE_ENUM:
 		lval->val.int_val = val->InternalInt();
 	break;

+	case TYPE_ENUM:
+		{
+		const char* s = val->Type()->AsEnumType()->Lookup(val->InternalInt());
+		lval->val.string_val = new string(s);
+		break;
+		}
+
 	case TYPE_COUNT:
 	case TYPE_COUNTER:
 		lval->val.uint_val = val->InternalUnsigned();
--- a/src/LogWriterAscii.cc
+++ b/src/LogWriterAscii.cc
@ -110,7 +110,6 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
 	break;

 	case TYPE_INT:
-	case TYPE_ENUM:
 		desc->Add(val->val.int_val);
 	break;

@ -137,6 +136,7 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
 		desc->Add(val->val.double_val);
 	break;

+	case TYPE_ENUM:
 	case TYPE_STRING:
 		{
 		int size = val->val.string_val->size();
--- a/testing/btest/Baseline/logging.remote-types/receiver.ssh.log
+++ b/testing/btest/Baseline/logging.remote-types/receiver.ssh.log
@ -0,0 +1,2 @@
+# b	i	e	c	p	sn	n	a	d	t	iv	s	sc	ss	se
+T	-42	SSH::SSH	21	123	10.0.0.0/24	10.0.0.0	1.2.3.4	3.14	1299722788.39808	100.0	hurz	4,2,3,1	AA,BB,CC	EMPTY
--- a/testing/btest/Baseline/logging.types/ssh.log
+++ b/testing/btest/Baseline/logging.types/ssh.log
@ -0,0 +1,2 @@
+# b	i	e	c	p	sn	n	a	d	t	iv	s	sc	ss	se
+T	-42	SSH::SSH	21	123	10.0.0.0/24	10.0.0.0	1.2.3.4	3.14	1299722790.49273	100.0	hurz	2,1,4,3	BB,AA,CC	EMPTY