[Bro-Dev] Portmapper logging
Seth Hall
seth at icir.org
Mon Dec 6 11:37:30 PST 2010
On Dec 6, 2010, at 12:30 PM, Gregor Maier wrote:
> * I want to add an actual portmapper.log file to log portmapper
> activity. If we have that, we wouldn't need the "addl" anymore. Is it
> worth removing it? (Esp. wrt the new logging framework)
I would really like to see any activity logs for policy scripts moved out into their own logs. At OSU for instance, we didn't even keep the conn.log (we closed the log file) because it was mostly repetitive data that we didn't get much benefit from keeping. It's obviously much faster to grep smaller logs too. :)
�
.Seth
More information about the bro-dev
mailing list