[Bro-Dev] #472: Cleanup scripts in bro-aux
Bro Tracker
bro at tracker.bro-ids.org
Mon Jul 18 10:36:15 PDT 2011
#472: Cleanup scripts in bro-aux
---------------------+---------------------
Reporter: robin | Owner:
Type: Task | Status: new
Priority: Normal | Milestone: Bro1.6
Component: Bro | Version:
Resolution: | Keywords: preview
---------------------+---------------------
Comment (by jsiwek):
By "cleanup" does that mean some need to be updated to work or that some
can be removed because they're no longer necessary? To me, the latter
seems to be common:
* bro_logchk: not sure this is still helpful with the new HTTP/FTP log
formats -- grep/awk could probably easily replace a lot of what it does
* host-grep: I think this just doesn't work because new logs are tab
delimited and the final `grep -E` anchors the regex with spaces. I think
the -a option is broken irrespective of new policy script log format. I
can submit a fix for both, but I'd need clarification on what the -a
option is really supposed to do.
* host-to-addrs: still fine
* hot-report: is this still applicable? It also depends on `hf` and `cf`,
so at least it probably doesn't make sense to maintain it in this repo
anymore since those utils aren't either?
* ip-grep: still fine
* mon-report: not sure if this is still needed, but seems like the only
reason why it wouldn't work is that it depends on either `host-grep` or
`hot-report`
* lock_file: seems fine
* mvlog: can't this now be done entirely with the new logging framework's
postprocessor hooks?
Anything else I overlooked?
--
Ticket URL: <http://tracker.bro-ids.org/bro/ticket/472#comment:2>
Bro Tracker <http://tracker.bro-ids.org/bro>
Bro Issue Tracker