All,
I've run a script against a pcap file:
You want
Log::write(LOG, [$data=str]);
Justin,
I added your line to the connection_established event:
event connection_established(c: connection) {
local str = fmt("Connection established: %s", c$id);
print fmt("%s\n", str); #TEST
Log::write(TstRec::LOG, [$data=str]);
# Log::write(TstLog::LOG, [$data=mkString()]);
}
and got a different error:
error in ./tstLog.bro, line 14: unknown identifier TstRec::LOG, at or near "TstRec::LOG"
Bro can be very subtle... (subtle = "I don't know how it works!")
Tom
Justin,
I added your line to the connection_established event:
..
Log::write(TstRec::LOG, [$data=str]);
...
You want
Log::write(LOG, [$data=str]);
Spot the difference 
Yes!!
That worked.
Thanks Justin.
Tom