[Bro] Requesting event_notice and event_alarm events over broccoli
robin at icir.org
Thu Aug 13 10:21:46 PDT 2009

On Wed, Aug 12, 2009 at 11:47 -0700, you wrote:

> I'm trying to collect event_notice and event_alarm events from a

(I suppose you mean notice_action and notice_alarm?)

> humming along happily. The entire time, not a single event arrives at
> the client.

That's weird. I don't have an immediate idea why you see that; the
cluster is sending notice_action events and that's working fine.

> saw that there is the suppress_notice_action flag which is set to F,

Right, that option shouldn't have any impact on this.

> would the optional fields and enumerated types in NoticeAction and
> notice_info cause problems for marshalling and sending?

They shouldn't. Generally, all script-level variables can be
transmitted. If not it's a bug ... :

There are two things which could help tracking this down: if you
could find like a minimal configuration/setup which demonstrates the
problem, that'd be great (always a bit tricky when communication is
involved...). And you could compile with --enable-debug and then run
with "-B comm", that will log some stuff into debug.log which might
help (that file quickly gets huge though).

P.S.: Which Bro version are you using?

Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org