[Bro] Format of log file
jp.luiggi at free.fr
Mon Jul 30 13:53:33 PDT 2007
On Mon, 30 Jul 2007 11:32:28 -0700
Robin Sommer <robin at icir.org> wrote:
> I generally agree though there are two issues to consider:
> - tagging is not equally well suited for all logs; something like
> http.log does is pretty free-form and harder to force into the
> - it breaks backwards-compatibility, which is large thing because
> people have scripts to parse the stuff already.
> So my hunch is to stay with what we have for now (i.e., tagged for
> notice/alarm, non-tagged for the rest). But I'm not claiming that
> this is ideal ...
I've no problem with this approach, i just wanted to be sure of the
correct way to use. :-)
I'll stay likes this for now.
More information about the Bro