Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-04 15:48:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Functions can now be logged.

Browse source 
The function's code is rendered as ASCII and included as a string.
Closes #506.

Note that I'm not sure if the formatting is as desired: should the LFs
and tabs be rendered as \xXX or removed?.
This commit is contained in:
Robin Sommer 2011-08-12 22:04:05 -07:00
parent cc258b29aa
commit c436930acf
4 changed files with 30 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

19
src/LogMgr.cc
View file

@ -89,7 +89,7 @@ bool LogField::Write(SerializationFormat* fmt) const
LogVal::~LogVal() LogVal::~LogVal()
{ {
if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE) if ( (type == TYPE_ENUM || type == TYPE_STRING || type == TYPE_FILE || type == TYPE_FUNC)
&& present ) && present )
delete val.string_val; delete val.string_val;
@ -130,6 +130,7 @@ bool LogVal::IsCompatibleType(BroType* t, bool atomic_only)
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE: case TYPE_FILE:
case TYPE_FUNC:
return true; return true;
case TYPE_RECORD: case TYPE_RECORD:
@ -231,6 +232,7 @@ bool LogVal::Read(SerializationFormat* fmt)
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE: case TYPE_FILE:
case TYPE_FUNC:
{ {
val.string_val = new string; val.string_val = new string;
return fmt->Read(val.string_val, "string"); return fmt->Read(val.string_val, "string");
@ -343,6 +345,7 @@ bool LogVal::Write(SerializationFormat* fmt) const
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE: case TYPE_FILE:
case TYPE_FUNC:
return fmt->Write(*val.string_val, "string"); return fmt->Write(*val.string_val, "string");
case TYPE_TABLE: case TYPE_TABLE:
@ -648,6 +651,11 @@ bool LogMgr::TraverseRecord(Stream* stream, Filter* filter, RecordType* rt,
// That's ok, we handle it below. // That's ok, we handle it below.
} }
else if ( t->Tag() == TYPE_FUNC )
{
// That's ok, we handle it below.
}
else else
{ {
reporter->Error("unsupported field type for log column"); reporter->Error("unsupported field type for log column");
@ -1074,6 +1082,15 @@ LogVal* LogMgr::ValToLogVal(Val* val, BroType* ty)
break; break;
} }
case TYPE_FUNC:
{
ODesc d;
const Func* f = val->AsFunc();
f->Describe(&d);
lval->val.string_val = new string(d.Description());
break;
}
case TYPE_TABLE: case TYPE_TABLE:
{ {
ListVal* set = val->AsTableVal()->ConvertToPureList(); ListVal* set = val->AsTableVal()->ConvertToPureList();

1
src/LogWriterAscii.cc
View file

@ -155,6 +155,7 @@ bool LogWriterAscii::DoWriteOne(ODesc* desc, LogVal* val, const LogField* field)
case TYPE_ENUM: case TYPE_ENUM:
case TYPE_STRING: case TYPE_STRING:
case TYPE_FILE: case TYPE_FILE:
case TYPE_FUNC:
{ {
int size = val->val.string_val->size(); int size = val->val.string_val->size();
if ( size ) if ( size )

BIN
testing/btest/Baseline/policy.frameworks.logging.types/ssh.log
View file

Binary file not shown.

12
testing/btest/policy/frameworks/logging/types.bro
View file

@ -29,9 +29,18 @@ export {
se: set[string]; se: set[string];
vc: vector of count; vc: vector of count;
ve: vector of string; ve: vector of string;
f: function(i: count) : string;
} &log; } &log;
} }
function foo(i : count) : string
{
if ( i > 0 )
return "Foo";
else
return "Bar";
}
event bro_init() event bro_init()
{ {
Log::create_stream(SSH, [$columns=Log]); Log::create_stream(SSH, [$columns=Log]);
@ -56,7 +65,8 @@ event bro_init()
$ss=set("AA", "BB", "CC"), $ss=set("AA", "BB", "CC"),
$se=empty_set, $se=empty_set,
$vc=vector(10, 20, 30), $vc=vector(10, 20, 30),
$ve=empty_vector $ve=empty_vector,
$f=foo
]); ]);
} }