[Bro-Dev] #541: Proposal for default filter $path names

Bro Tracker bro at tracker.bro-ids.org
Fri Aug 5 08:36:40 PDT 2011


#541: Proposal for default filter $path names
---------------------+--------------------
 Reporter:  seth     |      Owner:
     Type:  Problem  |     Status:  new
 Priority:  Normal   |  Milestone:  Bro1.6
Component:  Bro      |    Version:
 Keywords:  beta     |
---------------------+--------------------
 The way that default $paths are named for logging filters is a bit of a
 mess right now.  My plan is to rename most of the Log::IDs like this:
 SSH::LOG, SSL::LOG, Syslog::LOG.

 The problem (as I see it) with the way things are done now is that if you
 are outside of the module namespace and you want to install a filter, you
 need to use the Log::ID's full name, which currently looks like this:
 SSH::SSH, SSL::SSL, Syslog::SYSLOG, which is very non-obvious.

 When the logging framework comes up with the $path value for the default
 filter, it names it by the ID name without the module, and this works great
 with the current but confusing naming scheme.  I want to propose that the
 logging framework use the module name for the default path if it's a ::LOG
 value, and otherwise use the value itself without the module.

 One case in particular where I'm thinking this would already work is in
 the notice framework.  The notice framework will have Notice::LOG and
 Notice::NOTICE_POLICY which should result in default $paths of "notice"
 and "notice_policy" respectively.

-- 
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/541>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
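
Added example (not part of the ticket and not Bro's own code): a Python model of the current and proposed default-$path rules, run over the Log::IDs named above. It shows that the renamed IDs keep their log paths under the proposed rule, while the current rule would map every ::LOG value to the same path. The function names are hypothetical, and lowercasing under the current rule is an assumption.

```python
from collections import defaultdict

# Renames taken from the ticket: current Log::ID -> proposed Log::ID.
RENAMES = {
    "SSH::SSH": "SSH::LOG",
    "SSL::SSL": "SSL::LOG",
    "Syslog::SYSLOG": "Syslog::LOG",
}
# Notice framework IDs named in the ticket.
NOTICE_IDS = ["Notice::LOG", "Notice::NOTICE_POLICY"]


def split_id(log_id):
    """Split 'Module::NAME' into (module, name); module is '' if absent."""
    module, _, name = log_id.rpartition("::")
    return module, name


def current_default_path(log_id):
    """Current rule: the ID name without its module (lowercasing assumed)."""
    return split_id(log_id)[1].lower()


def proposed_default_path(log_id):
    """Proposed rule: module name for a ::LOG value, else the bare ID name."""
    module, name = split_id(log_id)
    if name == "LOG" and module:
        return module.lower()
    return name.lower()


def collisions(ids, rule):
    """Return {path: [ids]} for each default path claimed by more than one ID."""
    by_path = defaultdict(list)
    for log_id in ids:
        by_path[rule(log_id)].append(log_id)
    return {path: owners for path, owners in by_path.items() if len(owners) > 1}


if __name__ == "__main__":
    new_ids = list(RENAMES.values()) + NOTICE_IDS
    for old, new in RENAMES.items():
        print(f"{old:16} -> {new:12} path stays {proposed_default_path(new)!r}")
    # Renaming alone is not enough: the current rule collapses every ::LOG ID.
    print("current rule: ", collisions(new_ids, current_default_path))
    print("proposed rule:", collisions(new_ids, proposed_default_path))
```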


