mirror of
https://github.com/zeek/zeek.git
synced 2025-10-11 11:08:20 +00:00
2fafadd930
Since WriterFrontend objects are looked up internally by writer type and path, and they also expect to write consistent field arguments, it could be the case that more than one filter of a given stream attempts to write to the same path (derived either from $path or $path_func fields of the filter) with the same writer type. This won't work, so now WriterFrontend objects are bound to the filter that instantiated them so that we can warn about other filters attempting to write to the conflicting writer/path and the write can be skipped. Remote logs don't appear to suffer the same issue due to pre-filtering. Addresses #842.
14 lines
475 B
Text
14 lines
475 B
Text
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT
|
|
# @TEST-EXEC: btest-diff reporter.log
|
|
# @TEST-EXEC: btest-diff http.log
|
|
|
|
@load base/protocols/http
|
|
|
|
event bro_init()
|
|
{
|
|
# Both the default filter for the http stream and this new one will
|
|
# attempt to have the same writer write to path "http", which will
|
|
# be reported as a warning and the write skipped.
|
|
local filter: Log::Filter = [$name="host-only", $include=set("host")];
|
|
Log::add_filter(HTTP::LOG, filter);
|
|
}
|