[Bro] Requesting event_notice ad event_alarm events over broccoli

Robin Sommer robin at icir.org
Thu Aug 13 10:21:46 PDT 2009

On Wed, Aug 12, 2009 at 11:47 -0700, you wrote:

>     I'm trying to collect event_notice and event_alarm events from a

(I suppose you mean notice_action and notice_alarm?)

> humming along happily. The entire time, not a single event arrives at
> the client.

That's weird. I don't have an immediate idea why you see that; the
cluster is sending notice_action events and that's working fine.

> saw that there is the suppress_notice_action flag which is set to F,

Right, that option shouldn't have any impact on this 

> would the optional fields and enumerated types in NoticeAction and
> notice_info cause problems for marshalling and sending?

They shouldn't. Generally, all script-level variables can be
transmitted. If not it's a bug ... :

There are two things which could help tracking this down: if you
could find like a minimal configuration/setup which demonstrates the
problem, that'd be great (always a bit tricky when communication is
involved...). And you could compile with --enable-debug and then run
with "-B comm", that will log some stuff into debug.log which might
help (that file quickly gets huge though). 


P.S.: Which Bro version are you using? 

Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org 
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org

More information about the Bro mailing list