mirror of
https://github.com/zeek/zeek.git
synced 2025-10-09 18:18:19 +00:00
38a1aa5a34
The &log keyword now operates as discussed:
- When associated with individual record fields, it defines them
as being logged.
- When associated with a complete record type, it defines all fields
to be logged.
- When associated with a record extension, it defines all added
fields to be logged.
Note that for nested record types, the inner fields must likewise
be declared with &log. Consequently, conn_id is now declared with
&log in bro.init.
Vectors are now allowed to be logged and will be recorded as an
ordered set of items.
27 lines
332 B
Text
27 lines
332 B
Text
#
|
|
# @TEST-EXEC: bro %INPUT
|
|
# @TEST-EXEC: btest-diff ssh.log
|
|
|
|
module SSH;
|
|
|
|
export {
|
|
redef enum Log::ID += { SSH };
|
|
|
|
type Log: record {
|
|
vec: vector of string &log;
|
|
};
|
|
}
|
|
|
|
event bro_init()
|
|
{
|
|
Log::create_stream(SSH, [$columns=Log]);
|
|
|
|
local v: vector of string;
|
|
|
|
v[2] = "2";
|
|
v[5] = "5";
|
|
|
|
Log::write(SSH, [$vec=v]);
|
|
}
|
|
|
|
|