[Bro-Dev] #472: Cleanup scripts in bro-aux

Bro Tracker bro at tracker.bro-ids.org
Mon Jul 18 10:36:15 PDT 2011

#472: Cleanup scripts in bro-aux
  Reporter:  robin   |      Owner:
      Type:  Task    |     Status:  new
  Priority:  Normal  |  Milestone:  Bro1.6
 Component:  Bro     |    Version:
Resolution:          |   Keywords:  preview

Comment (by jsiwek):

 By "cleanup" does that mean some need to be updated to work or that some
 can be removed because they're no longer necessary?  To me, the later
 seems to be common:

 * bro_logchk: not sure this is still helpful with the new HTTP/FTP log
 formats -- grep/awk could probably easily replace a lot of what it does
 * host-grep: I think this just doesn't work because new logs are tab
 delimited and the final `grep -E` anchors the regex with spaces.  I think
 the -a option is broken irrespective of new policy script log format.  I
 can submit a fix for both, but I'd need clarification on what the -a
 option is really supposed to do.
 * host-to-addrs: still fine
 * hot-report: is this still applicable?  It also depends on `hf` and `cf`,
 so at least it probably doesn't make sense to maintain it in this repo
 anymore since those utils aren't either?
 * ip-grep: still fine
 * mon-report: not sure if this is still needed, but seems like the only
 reason why it wouldn't work is that it depends on either `host-grep` or
 * lock_file: seems fine
 * mvlog: can't this now be done entirely with the new logging framework's
 postprocessor hooks?

 Anything else I overlooked?

Ticket URL: <http://tracker.bro-ids.org/bro/ticket/472#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker

More information about the bro-dev mailing list