How can i find some fields?

G-Mail · November 4, 2012, 12:47pm

first of all, please understand my poor English. Because I’m not live in English-speaking country.
I’m interested in Bro and Bro scripts nowadays. It’s very flexible.
But, I don’t know how to create a module’s fields. For example, DNS module in bro has some fields of “Info”.

===================== base/protocols/dns/main.bro
module DNS;

export {

The DNS logging stream identifier.

redef enum Log::ID += { LOG };

The record type which contains the column fields of the DNS log.

type Info: record {

The earliest time at which a DNS protocol message over the

associated connection is observed.

ts: time &log;

A unique identifier of the connection over which DNS messages

are being transferred.

uid: string &log;

The connection’s 4-tuple of endpoint addresses/ports.

id: conn_id &log;

The transport layer protocol of the connection.

proto: transport_proto &log;

…………last part omitted…………

Topic		Replies	Views
Correct way to log record with modification Zeek	2	82	May 6, 2022
Converting a Bro Script to A New Stream Zeek	10	95	May 6, 2022
conn.log question Zeek	4	85	May 6, 2022
Specification of log fields Zeek	2	111	May 6, 2022
Call for opinions on logging framework syntax problem Development development	19	96	May 6, 2022