In the Bro documentation on the web site, I referred to "Customizing Bro's
Logging" to write my own logs. I pretty much understand how to customize
what to log, but I am still confused about whether I can control the
creation of logging files. The following script is shown:

    event connection_state_remove(c: connection)
        {
        # Mark the connection when the originator is in private address space.
        if ( c$id$orig_h in Site::private_address_space )
            c$conn$is_private = T;
        }

From my understanding, it seems that log files can only be created
whenever the connection_state_remove event handler is called. I can
customize what to update here. If I don't update it, log files are still
created with default values. Is there any way that I can control when to
put values in memory into the log files?
Hope that I make myself clear.
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign