[Bro-Dev] #487: Bug and missing feature in syslog analyzer
Bro Tracker
bro at tracker.bro-ids.org
Tue Aug 9 19:43:16 PDT 2011
#487: Bug and missing feature in syslog analyzer
----------------------+------------------------
Reporter: seth | Owner: seth
Type: Problem | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version: git/master
Resolution: | Keywords:
----------------------+------------------------
Comment (by seth):
It turns out that some syslog implementations include the final newline in
the actual message and some include an actual end of string null. I'm
thinking that we should just strip either of these bytes from the end of
syslog messages since they aren't exactly correct even though they are in
the actual message on the wire.
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/487#comment:1>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker
More information about the bro-dev
mailing list