Hi
I need to write id into x509.log , but its giving error
redef record X509::Info += {
#rx_cc: string &log &optional;
#tx_asn: count &log &optional;
#rx_asn: count &log &optional;
id: conn_id &log &optional;
};
event file_state_remove(f: fa_file) &priority=5
{
if ( ! f$info?$x509 )
return;
f$info$x509 = f$id;
}
type clash in assignment (f$info$x509 = f$id)
x509 info record already has an id field:
## File id of this certificate.
id: string &log;
and you're trying to assign the entire record to f$id instead of a particular field.
Maybe you mean something like this:
redef record X509::Info += {
conn_id: conn_id &log &optional;
};
event file_state_remove(f: fa_file) &priority=5
{
if ( ! f$info?$x509 )
return;
# Assume this file only has one connection
for ( id in f$conns )
local c = f$conns[id];
f$info$x509$conn_id = c$id;
}
Ah right, I tested it with print but didn't actually look at the log. It's a problem with the priority, it's using the same event that is used to log the record, so you need to ensure that your file_state_remove event runs first.
I also had the parenthesis slightly wrong (I always screw things up when I try to use the indentation brace style that bro uses)
This definitely works:
event file_state_remove(f: fa_file) &priority=10
{
if ( ! f$info?$x509 )
return;
# Assume this file only has one connection
for ( id in f$conns ) {
local c = f$conns[id];
f$info$x509$conn_id = c$id;
}
}