Arne Welzel
I've moved this to zeek-docs, as documenting might be the most sensible action for now.
Hey @omnidepp - thanks for the question / issue. Interesting. > Any input greatly appreciated. I've recorded a simple HTTP request with snaplen 54 to look a bit: [http-request-snaplen-54.pcap.zip](https://github.com/zeek/zeek/files/9921539/http-request-snaplen-54.pcap.zip) The...
> so if it does not go up this is helpful information about e.g., the state of the metrics collection pipeline (it effectively acts as some timestamped health check) If...
> I pondered the connkey vs conntuple naming aspect too. My take was that for users it's more intuitive that the feature this provides is configurable connection _tuples_ (a commonly...
I've reworked the commits, adapting some names as proposed and also changed the `FromVal()` API to return `expected` instead of a ConnKey instance with a set `Error()`. The IP...
@JustinAzoff - are you happy with this version? Mind updating the version changes baselines if so?
Hey @initconf - thanks! It seems your changes were done to an older trace-summary revision than we have in the repo. There were some updates done for linting and formatting,...
> Maybe I'm too timid and someone else should chime in. @rsmmr - do you have opinions on umask and permissions of files within bundles and those created during the...
> What should I be using for the parameters? For `rec` you should take a type used for `columns` during a call of `Log::create_stream()` (e.g. `Conn::Info` and guard access to...
I haven't tried, but [type casting](https://docs.zeek.org/en/master/script-reference/operators.html#type-casting) could possibly also work. For `Log::log_stream_policy` you'd put your own record type in the signature, and ensure that `id: ID` at runtime is...