[Bro-Dev] Empty log fields

Martin Holste mcholste at gmail.com
Sun Dec 4 09:41:57 PST 2011


I'd really prefer that it be left at a single hyphen, as it cuts down on
log size.  It's also a convention that a ton of other programs use.  The
only acceptable alternative to me would be totally empty field as it still
parsable because it's between the delimiters.  You guys are debating what
the visual output of the log files should be by manipulating the raw output
when you're really debating how programs like bro-cut should output empty
fields.  For me, the logs are database data, and it would be silly to write
out "nil" in a database, (the DB will understand the lack of data to be
NULL).  You want the logs to be a data model, and how they are presented to
an end user should be dictated by the accessing program (view).

On Saturday, December 3, 2011, Bernhard Amann <bernhard at icsi.berkeley.edu>
wrote:
> How about (-) (set of empty)? Would be kind of logical in my opinion
(admittedly only for sets/vectors and not for strings).
>
> Bernhard
>
> On Dec 3, 2011, at 3:08 PM, Matthias Vallentin wrote:
>
>>> The here's another suggestion: let's set empty fields simply to
>>> "(empty)". How about that?
>>
>> I like it because it is self-descriptive, but isn't that a little
>> verbose? I don't have really compelling alternatives though, maybe
>> "(0)", "()", or "(|)" as generic empty set representation?
>>
>>    Matthias
>> _______________________________________________
>> bro-dev mailing list
>> bro-dev at bro-ids.org
>> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
>
> _______________________________________________
> bro-dev mailing list
> bro-dev at bro-ids.org
> http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20111204/038703b3/attachment.html 


More information about the bro-dev mailing list