[Bro-Dev] Call for opinions on logging framework syntax problem
Seth Hall
seth at icir.org
Tue Nov 29 20:24:31 PST 2011
On Nov 29, 2011, at 11:06 PM, Bernhard Amann wrote:
> When adding the protocol directly to the port information, the log line would e.g. look like
>
> 12.12.12.12 53/udp,80/tcp,8080/tcp
This is definitely one place where the email I just sent breaks down. It's the port value used outside of the context of a conn_id value. Do you have a concrete example of when you'd want to do something like this? I suspect that if you wanted to do that it would actually be better to organize your data in a different way. Like this:
#fields host port proto
12.12.12.12 53 udp
12.12.12.12 80 tcp
12.12.12.12 8080 tcp
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
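
The reorganization suggested in the message above, as an added example that is not part of the original thread and is not Bro code: it splits the combined "port/proto" set from the quoted log line into one row per port under the "#fields host port proto" header. The function names, the accepted protocol list and the whitespace-separated input are assumptions made for illustration.

```python
# Added illustration (not from the original message or the Bro project).
# Input shape follows the quoted line "12.12.12.12 53/udp,80/tcp,8080/tcp";
# output columns follow the "#fields host port proto" header in the reply.

VALID_PROTOS = {"tcp", "udp", "icmp"}  # assumed set of transport labels


def normalize(line):
    """Turn 'host port/proto,port/proto,...' into (host, port, proto) rows."""
    host, cell = line.split(None, 1)
    rows = []
    for item in cell.strip().split(","):
        port_s, sep, proto = item.strip().partition("/")
        # Reject entries a substring match on the raw cell would let through.
        if not sep or not (port_s.isascii() and port_s.isdigit()):
            raise ValueError(f"malformed port entry: {item!r}")
        port = int(port_s)
        if port > 65535 or proto not in VALID_PROTOS:
            raise ValueError(f"malformed port entry: {item!r}")
        rows.append((host, port, proto))
    return rows


def render(rows):
    """Emit the rows as tab-separated lines under a #fields header."""
    out = ["#fields\thost\tport\tproto"]
    out += [f"{host}\t{port}\t{proto}" for host, port, proto in rows]
    return "\n".join(out)


def ports_for(rows, proto):
    """With one value per column, a filter is a plain equality test."""
    return sorted(port for _, port, p in rows if p == proto)


if __name__ == "__main__":
    sample = "12.12.12.12 53/udp,80/tcp,8080/tcp"  # line quoted in the thread
    rows = normalize(sample)
    print(render(rows))
    print("tcp ports:", ports_for(rows, "tcp"))
```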