In the Bro documentation from the web site, I refer the "Customizing Bro's Logging" to write my own logs. I pretty under how to customize what to log but I am still confusing on whether I can control to create logging files. The following scripts is shown:

event connection_state_remove(c: connection)
    if ( c$id$orig_h in Site::private_address_space )
        c$conn$is_private = T;

From my understanding, it seems that Logs files can only be created whenever connection_state_remove event handler is called. I can only customize what to update here. If I don't update it, log files are still created with default values. Is there any way that I can control when to put values in memory into the log files?

Hope that I make myself clear.



Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign